Errata patches for IPsec have been released for OpenBSD 6.3 and 6.2. When an IPsec key expired, the kernel could panic due to unfinished timeout tasks.
Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. Source code patches can be found on the respective errata pages: https://www.openbsd.org/errata62.html https://www.openbsd.org/errata63.html As these affect the kernel, a reboot will be needed after patching.
