Re: Stack clash and OpenBSD

2017-06-20 Thread Mike Coddington 
On Tue, Jun 20, 2017 at 11:49:52AM -0400, Mike wrote:
> 
> Does 008: SECURITY FIX: May 19, 2017 fix the Stack Clash bug?
> 
> Or is a fix forthcoming?

Yes, it does. Here's the CVE, and the patch is linked from there.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000372


Thanks to the OpenBSD developers for creating syspatch, or I'd be stuck
waiting for 6.2!

Time to donate to the OpenBSD foundation... be right back :)

-- 
To find a friend one must close one eye; to keep him -- two.
-- Norman Douglas

Re: Stack clash and OpenBSD

2017-06-20 Thread Mike 
On 6/20/2017 11:29 AM, Luis Coronado wrote:
> If you run -current most likely you already have the patched code, if you
> run -stable 6.1 follow https://www.openbsd.org/faq/faq10.html#Patches:
> 
> "If you're running the -release branch of OpenBSD, you can simply use the
> syspatch(8)  utility to upgrade any files
> in need of security or reliability fixes. This is the quickest and easiest
> method to get the base system up to date. Note that binary patches are only
> available for the amd64 and i386 architectures."
> 
> -l
> 
> On Tue, Jun 20, 2017 at 9:12 AM, Jasper Siepkes 
> wrote:
> 
>> Hi all,
>>
>> I'm trying to determine which action I should take in response to the Stack
>> Clash thing  https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>> . I
>> suspect that "008: SECURITY FIX: May 19, 2017"
>> (https://www.openbsd.org/errata61.html) is the mitigation for OpenBSD 6.1?
>>
>> On a related note; Does anyone know where can I order my Stack Clash
>> t-shirts
>> and mugs? I'm also really disappointed there is no clever flashy logo :-(.
>>
>> Kind regards,
>>
>> Jasper
>>


Does 008: SECURITY FIX: May 19, 2017 fix the Stack Clash bug?

Or is a fix forthcoming?

Re: Stack clash and OpenBSD

2017-06-20 Thread Luis Coronado 
If you run -current most likely you already have the patched code, if you
run -stable 6.1 follow https://www.openbsd.org/faq/faq10.html#Patches:

"If you're running the -release branch of OpenBSD, you can simply use the
syspatch(8)  utility to upgrade any files
in need of security or reliability fixes. This is the quickest and easiest
method to get the base system up to date. Note that binary patches are only
available for the amd64 and i386 architectures."

-l

On Tue, Jun 20, 2017 at 9:12 AM, Jasper Siepkes 
wrote:

> Hi all,
>
> I'm trying to determine which action I should take in response to the Stack
> Clash thing  https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> . I
> suspect that "008: SECURITY FIX: May 19, 2017"
> (https://www.openbsd.org/errata61.html) is the mitigation for OpenBSD 6.1?
>
> On a related note; Does anyone know where can I order my Stack Clash
> t-shirts
> and mugs? I'm also really disappointed there is no clever flashy logo :-(.
>
> Kind regards,
>
> Jasper
>
>

Stack clash and OpenBSD

2017-06-20 Thread Jasper Siepkes 
Hi all,

I'm trying to determine which action I should take in response to the Stack
Clash thing  https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt . I
suspect that "008: SECURITY FIX: May 19, 2017"
(https://www.openbsd.org/errata61.html) is the mitigation for OpenBSD 6.1?

On a related note; Does anyone know where can I order my Stack Clash t-shirts
and mugs? I'm also really disappointed there is no clever flashy logo :-(.

Kind regards,

Jasper