Malicious DNS servers could cause a denial of service with an endless
series of delegations. This affects named (BIND) and unbound. There is
a patch for unbound in 5.6. (unbound wasn't built in 5.5.) We don't have
patches for BIND at this time.
Missing memory barriers (and other bugs) made virtio devices unreliable.
Patches available for 5.5 and 5.6.