> On 22 Jun 2017, at 03:10, Michelle Sullivan <michelle at sorbs.net>
wrote:
>
> Ed Maste wrote:
>> On 20 June 2017 at 16:22, Ed Maste <emaste at freebsd.org> wrote:
>>> On 20 June 2017 at 04:13, Vladimir Terziev <vterziev at
gvcgroup.com> wrote:
>>>> Hi,
>>>>
>>>> I assume FreeBSD security team is already aware about the Stack
Clash vulnerability, that is stated to affect FreeBSD amongst other Unix-like
OS.
>>> Yes, the security team is aware of this. Improvements in stack
>>> handling are in progress (currently in review).
>> I would like to provide some additional background on this issue.
>> First I'd like to thank Qualys for their detailed and thorough
>> investigation, which is contributing directly to improving FreeBSD.
>>
>> The FreeBSD security team is aware of and is monitoring this issue,
>> but is not directly developing in the changes that are in progress.
>> The issue under discussion is a limitation in a vulnerability
>> mitigation technique. Changes to improve the way FreeBSD manages stack
>> growth, and mitigate the issue demonstrated by Qualys'
>> proof-of-concept code, are in progress by FreeBSD developers
>> knowledgeable in the VM subsystem. These changes are expected to be
>> committed to FreeBSD soon, and from there they will be merged to
>> stable branches and into updates for supported releases.
>
> One would hope considering the nature and potential threat this would be
one of those fixes back ported to previous -STABLE trees as well.
>
Hi Michelle,
On a general note:
When we fix issues, they go to the supported branches / releases. 7.x for
example is no longer supported and is not likely to receive this care and
attention unless someone is willing to support such a change to that branch. For
supported branches, such a change is likely to be merged to those branches and
also to supported releases depending on the determination. E.g. A Security
Advisory (SA) or Errata Notice (EN) will be merged to affected -RELEASES as
well. If an issue does not get one of those two markers, the issue will not be
merged to -RELEASES but can be merged to -STABLE branches.
The above is a general note and not specifically pointed towards ?The Stack
Clash? documents, so this can support potential future questions in the same
area as well :-)
Cheers
Remko
>
> --
> Michelle Sullivan
> http://www.mhix.org/ <http://www.mhix.org/>
>
> _______________________________________________
> freebsd-security at freebsd.org <mailto:freebsd-security at
freebsd.org> mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
<https://lists.freebsd.org/mailman/listinfo/freebsd-security>
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org <mailto:freebsd-security-unsubscribe at freebsd.org>"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL:
<http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170622/81d62fa1/attachment.sig>