[Info-vax] DCL vulnerability write up on The Register
Bill Gunshannon
bill.gunshannon at gmail.com
Thu Feb 8 10:54:10 EST 2018
On 02/08/2018 10:41 AM, DuncanMorris wrote:
> On Thursday, February 8, 2018 at 11:52:58 AM UTC, Ian Miller wrote:
>> On Thursday, February 8, 2018 at 2:32:06 AM UTC, Craig A. Berry wrote:
>>> On 2/7/18 7:28 PM, Arne Vajhøj wrote:
>>>> On 2/7/2018 7:49 AM, Craig A. Berry wrote:
>>>
>>>>> Side note: the Register article incorrectly stated that Itanium
>>>>> customers have to get the patch from HPE, but if you have VSI support
>>>>> you can get it from them and it was available there sooner.
>>>>
>>>> So HPE also released a patch?
>>>
>>> I assume they repackaged VSI's patch, and I take the Register's word for
>>> it that you can get a patch from HPE. I just know they are wrong in
>>> saying you *have* to get it from them.
>>
>> I've not seen a patch nor announcement from HPE on this yet.
>>
>> As previously mentioned, VSI have done the right thing after receiving the report of the issue.
>
> Response from HPE:
>
> Alpha has no engineering support, engineering will not be releasing any ECO for Alpha.
>
> A case has been raised as Quix elevation QXCM1001616243 to OpenVMS engineering and they are working on the fix for possible process crash on Itanium due to malformed SET COMMANDs.
>
> Engineering will be providing fix on Itanium for the following issues that were fixed as part of VSI's eco VMS842L1I_DCL-V0100.
>
> 1. SET COMMAND may construct command tables that cause a process crash
> 2. SET COMMAND may cause a process or image crash
>
> We have no release date but this fix will be available via HPESC
>
>
This should be sent to the Register as well. This kind of bad
performance is just up their alley for reporting.
bill
More information about the Info-vax
mailing list