In article ,
koehler@eisner.nospam.encompasserve.org (Bob Koehler) wrote:

> In article <00A7E75B.E1A3D903@SendSpamHere.ORG>, VAXman- @SendSpamHere.ORG
> writes:
> > FWIW, reading the patch description text (Yes, with my specs on), there
> > is nothing to indicate the severity of or need for applying this patch!
> > I'd wager that there are sites that will NEVER install this patch unless
> > they see some buffer overflow in SMG. Unless this patch is listed as a
> > SECURITY patch, people not following what has been going on here for the
> > better part of a week will not install it.
>
> Yes. the rating is INSTAL_1, but it should be a MUP!

I second that 100%!

--
Paul Sture

On Aug 22, 8:41*am, "P. Sture" wrote:
> In article ,
> *koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote:
>
> > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, * VAXman- *@SendSpamHere.ORG
> > writes:
> > > FWIW, reading the patch description text (Yes, with my specs on), there
> > > is nothing to indicate the severity of or need for applying this patch!
> > > I'd wager that there are sites that will NEVER install this patch unless
> > > they see some buffer overflow in SMG. *Unless this patch is listed as a
> > > SECURITY patch, people not following what has been going on here for the
> > > better part of a week will not install it.
>
> > * *Yes. *the rating is INSTAL_1, but it should be a MUP!
>
> I second that 100%!
>
> --
> Paul Sture

FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1
thingie.

On Aug 20, 10:03*pm, John Santos wrote:
> In article ,
> B...@rabbit.turquoisewitch.com says...
>
> > Subject says it all. *I'm off...
>
> IVES# set term/unknown
> IVES# mcr install
> INSTALL>
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaA
> %CLI-W-TKNOVF, command element is too long - shorten
>
> (Pasting into my newsreader caused the new lines in the middle of all
> the "aaa"'s.)
>
> The uppercase A and the error message resulted when I hit the 1st
> uparrow.
>
> The 2nd uparrow recalled the long line of "aaa...aaa" and the 3rd
> uparrow echoed as another "A" and repeated the error message. *No
> stack dump. *No bogus jump, as far as I can tell. *Looks to be fixed.
>
> (Patches available for I64 V8.2, V8.2-1, V8.3 and V8.3-1H1, and for
> VMS V7.3-2, V8.2 and V8.3. *No patch for VAX of any version, at least
> not yet.)
>
> --
> John

Any word, idea, hint, or rumor about when the VAX patch(es) will be
made available?

We still have two in service production
Plus the workstation on my desk.

Rich

In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes:
>In article <00A7E75B.E1A3D903@SendSpamHere.ORG>, VAXman- @SendSpamHere.ORG writes:
>> FWIW, reading the patch description text (Yes, with my specs on), there
>> is nothing to indicate the severity of or need for applying this patch!
>> I'd wager that there are sites that will NEVER install this patch unless
>> they see some buffer overflow in SMG. Unless this patch is listed as a
>> SECURITY patch, people not following what has been going on here for the
>> better part of a week will not install it.
>
> Yes. the rating is INSTAL_1, but it should be a MUP!

I've been on-the-road for the past day travelling to Pittsburgh and only
now able to clarify my comment. I know it's listed INSTAL_1. That still
doesn't speak to it being a security issue. The description, IMHO, does
not describe the seriousness of this issue.

--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

.... pejorative statements of opinion are entitled to constitutional protection
no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC)

Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside
of usenet _must_ include its contents in its entirety including this copyright
notice, disclaimer and quotations.

In article , FrankS writes:
>On Aug 22, 5:00=A0am, "P. Sture" wrote:
>> I'd definitely recommend getting a spare pair, not only as a counter for
>> forgetfulness, but in case of a system failure (in my case the
>> unexpected chewing of my first pair by a puppy!).
>
>WalMart, K-Mart, and their ilk are your friend in this particular
>case. I've got 6 pairs of very cheap ($6 - $12) reading glasses
>scattered around the house and car. I even have one pair expressly to
>be left in the briefcase to avoid travelling mishaps. :-)

My Rx was a little more than cheap reading glasses... not at $400!


>Ah, the joys of advancing age.




--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

.... pejorative statements of opinion are entitled to constitutional protection
no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC)

Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside
of usenet _must_ include its contents in its entirety including this copyright
notice, disclaimer and quotations.

On Aug 23, 7:15*am, VAXman- @SendSpamHere.ORG wrote:
> My Rx was a little more than cheap reading glasses... not at $400!

Yeah, the prescription glasses cost me $600, and I never use them.
They had a "progressive" lens and my eyes just never got used to
them. The cheapo reading glasses do a great job. I'm going to try
traditional bifocals for driving and flying because the gps and
instruments are starting to enter the fuzzy viewing range.

On Aug 22, 10:56*am, DaveG wrote:
> On Aug 22, 8:41*am, "P. Sture" wrote:
>
>
>
>
>
> > In article ,
> > *koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote:
>
> > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, * VAXman- *@SendSpamHere.ORG
> > > writes:
> > > > FWIW, reading the patch description text (Yes, with my specs on), there
> > > > is nothing to indicate the severity of or need for applying this patch!
> > > > I'd wager that there are sites that will NEVER install this patch unless
> > > > they see some buffer overflow in SMG. *Unless this patch is listed as a
> > > > SECURITY patch, people not following what has been going on here for the
> > > > better part of a week will not install it.
>
> > > * *Yes. *the rating is INSTAL_1, but it should be a MUP!
>
> > I second that 100%!
>
> > --
> > Paul Sture
>
> FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1
> thingie.- Hide quoted text -
>
> - Show quoted text -

Got a reply. Was told the SMGRTL patch will become a MUP. Will also
be included as such in the next release of OpenVMS.

They listened.

On Aug 26, 3:46*pm, DaveG wrote:
> On Aug 22, 10:56*am, DaveG wrote:
>
>
>
> > On Aug 22, 8:41*am, "P. Sture" wrote:
>
> > > In article ,
> > > *koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote:
>
> > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, * VAXman- *@SendSpamHere.ORG
> > > > writes:
> > > > > FWIW, reading the patch description text (Yes, with my specs on),there
> > > > > is nothing to indicate the severity of or need for applying this patch!
> > > > > I'd wager that there are sites that will NEVER install this patchunless
> > > > > they see some buffer overflow in SMG. *Unless this patch is listed as a
> > > > > SECURITY patch, people not following what has been going on here for the
> > > > > better part of a week will not install it.
>
> > > > * *Yes. *the rating is INSTAL_1, but it should be a MUP!
>
> > > I second that 100%!
>
> > > --
> > > Paul Sture
>
> > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1
> > thingie.- Hide quoted text -
>
> > - Show quoted text -
>
> Got a reply. *Was told the SMGRTL patch will become a MUP. *Will also
> be included as such in the next release of OpenVMS.
>
> They listened.


Any news on a VAX version of the patch?

On Aug 26, 10:36*am, IanMiller wrote:
> On Aug 26, 3:46*pm, DaveG wrote:
>
>
>
>
>
> > On Aug 22, 10:56*am, DaveG wrote:
>
> > > On Aug 22, 8:41*am, "P. Sture" wrote:
>
> > > > In article ,
> > > > *koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote:
>
> > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, * VAXman- *@SendSpamHere.ORG
> > > > > writes:
> > > > > > FWIW, reading the patch description text (Yes, with my specs on), there
> > > > > > is nothing to indicate the severity of or need for applying this patch!
> > > > > > I'd wager that there are sites that will NEVER install this patch unless
> > > > > > they see some buffer overflow in SMG. *Unless this patch is listed as a
> > > > > > SECURITY patch, people not following what has been going on here for the
> > > > > > better part of a week will not install it.
>
> > > > > * *Yes. *the rating is INSTAL_1, but it should be a MUP!
>
> > > > I second that 100%!
>
> > > > --
> > > > Paul Sture
>
> > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1
> > > thingie.- Hide quoted text -
>
> > > - Show quoted text -
>
> > Got a reply. *Was told the SMGRTL patch will become a MUP. *Will also
> > be included as such in the next release of OpenVMS.
>
> > They listened.
>
> Any news on a VAX version of the patch?- Hide quoted text -
>
> - Show quoted text -

I didn't ask that question, nor the what of the no longer supported
versions.

On Aug 26, 10:36*am, IanMiller wrote:
> On Aug 26, 3:46*pm, DaveG wrote:
>
>
>
>
>
> > On Aug 22, 10:56*am, DaveG wrote:
>
> > > On Aug 22, 8:41*am, "P. Sture" wrote:
>
> > > > In article ,
> > > > *koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote:
>
> > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, * VAXman- *@SendSpamHere.ORG
> > > > > writes:
> > > > > > FWIW, reading the patch description text (Yes, with my specs on), there
> > > > > > is nothing to indicate the severity of or need for applying this patch!
> > > > > > I'd wager that there are sites that will NEVER install this patch unless
> > > > > > they see some buffer overflow in SMG. *Unless this patch is listed as a
> > > > > > SECURITY patch, people not following what has been going on here for the
> > > > > > better part of a week will not install it.
>
> > > > > * *Yes. *the rating is INSTAL_1, but it should be a MUP!
>
> > > > I second that 100%!
>
> > > > --
> > > > Paul Sture
>
> > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1
> > > thingie.- Hide quoted text -
>
> > > - Show quoted text -
>
> > Got a reply. *Was told the SMGRTL patch will become a MUP. *Will also
> > be included as such in the next release of OpenVMS.
>
> > They listened.
>
> Any news on a VAX version of the patch?- Hide quoted text -
>
> - Show quoted text -

I just asked the what about the VAX and unsupported versions
questions. When I get a reply, I'll update here.

On Aug 26, 11:27*am, DaveG wrote:
> On Aug 26, 10:36*am, IanMiller wrote:
>
>
>
>
>
> > On Aug 26, 3:46*pm, DaveG wrote:
>
> > > On Aug 22, 10:56*am, DaveG wrote:
>
> > > > On Aug 22, 8:41*am, "P. Sture" wrote:
>
> > > > > In article ,
> > > > > *koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote:
>
> > > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, * VAXman- *@SendSpamHere.ORG
> > > > > > writes:
> > > > > > > FWIW, reading the patch description text (Yes, with my specs on), there
> > > > > > > is nothing to indicate the severity of or need for applying this patch!
> > > > > > > I'd wager that there are sites that will NEVER install this patch unless
> > > > > > > they see some buffer overflow in SMG. *Unless this patch islisted as a
> > > > > > > SECURITY patch, people not following what has been going on here for the
> > > > > > > better part of a week will not install it.
>
> > > > > > * *Yes. *the rating is INSTAL_1, but it should be a MUP!
>
> > > > > I second that 100%!
>
> > > > > --
> > > > > Paul Sture
>
> > > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1
> > > > thingie.- Hide quoted text -
>
> > > > - Show quoted text -
>
> > > Got a reply. *Was told the SMGRTL patch will become a MUP. *Will also
> > > be included as such in the next release of OpenVMS.
>
> > > They listened.
>
> > Any news on a VAX version of the patch?- Hide quoted text -
>
> > - Show quoted text -
>
> I just asked the what about the VAX and unsupported versions
> questions. *When I get a reply, I'll update here.- Hide quoted text -
>
> - Show quoted text -

Answer just in:

The engineers are working through the version matrix. There is a MUP
in the works for VAX V7.3 which will be out shortly. My understanding
is they were unable to reproduce the problem on V6.2 VAX. The fixes
are being rolled out in a priority order and we will continue to work
through the version matrix with the focus on supported versions.

On Aug 26, 11:50*am, DaveG wrote:
> On Aug 26, 11:27*am, DaveG wrote:
>
>
>
> > On Aug 26, 10:36*am, IanMiller wrote:
>
> > > On Aug 26, 3:46*pm, DaveG wrote:
>
> > > > On Aug 22, 10:56*am, DaveG wrote:
>
> > > > > On Aug 22, 8:41*am, "P. Sture" wrote:
>
> > > > > > In article ,
> > > > > > *koeh...@eisner.nospam.encompasserve.org (Bob Koehler) wrote:
>
> > > > > > > In article <00A7E75B.E1A3D...@SendSpamHere.ORG>, * VAXman- *@SendSpamHere.ORG
> > > > > > > writes:
> > > > > > > > FWIW, reading the patch description text (Yes, with my specs on), there
> > > > > > > > is nothing to indicate the severity of or need for applyingthis patch!
> > > > > > > > I'd wager that there are sites that will NEVER install thispatch unless
> > > > > > > > they see some buffer overflow in SMG. *Unless this patch is listed as a
> > > > > > > > SECURITY patch, people not following what has been going onhere for the
> > > > > > > > better part of a week will not install it.
>
> > > > > > > * *Yes. *the rating is INSTAL_1, but it should be a MUP!
>
> > > > > > I second that 100%!
>
> > > > > > --
> > > > > > Paul Sture
>
> > > > > FWIW, I sent Ann Mc... a comment regarding the MUP Vs Install 1
> > > > > thingie.- Hide quoted text -
>
> > > > > - Show quoted text -
>
> > > > Got a reply. *Was told the SMGRTL patch will become a MUP. *Will also
> > > > be included as such in the next release of OpenVMS.
>
> > > > They listened.
>
> > > Any news on a VAX version of the patch?- Hide quoted text -
>
> > > - Show quoted text -
>
> > I just asked the what about the VAX and unsupported versions
> > questions. *When I get a reply, I'll update here.- Hide quoted text -
>
> > - Show quoted text -
>
> Answer just in:
>
> The engineers are working through the version matrix. There is a MUP
> in the works for VAX V7.3 which will be out shortly. *My understanding
> is they were unable to reproduce the problem on V6.2 VAX. The fixes
> are being rolled out in a priority order and we will continue to work
> through the version matrix with the focus on supported versions.

VAX/VMS V6.2 on a VS3100-30 manual test using INSTALL shared image
from a nonpriv'd process blows up as predicted. The problem is
present in that version.

Rich

Rich Jordan wrote:
> Any word, idea, hint, or rumor about when the VAX patch(es) will be
> made available?

> We still have two in service production
> Plus the workstation on my desk.

I'm wondering this as well. Any sign as to which versions will have a fix
released for this? I believe V5.5-2 is still fairly widely used, and I
personally would like to see the fix released for this version. Assuming of
course anyone at HP remembers what a VAX is.

Zane

SMGRTL patches are now MUP

In article <4cf0d3d4-abca-4619-a656-f24d57fab1a6@e39g2000hsf.googlegroups.com>, IanMiller writes:
>SMGRTL patches are now MUP



--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

.... pejorative statements of opinion are entitled to constitutional protection
no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC)

Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside
of usenet _must_ include its contents in its entirety including this copyright
notice, disclaimer and quotations.

The released patches for Alpha and I64 have been re-released as
MUPs.

In article <00A7EBA6.CB09275E@SendSpamHere.ORG>, VAXman- @SendSpamHere.ORG writes:
>In article <4cf0d3d4-abca-4619-a656-f24d57fab1a6@e39g2000hsf.googlegroups.com>, IanMiller writes:
>>SMGRTL patches are now MUP
>
>

This reads much better than the original patch kit description:

MUP : Must be installed by all customers.

This patch kit is a Mandatory Update kit (MUP). It corrects a
critical issue which, if left uncorrected, could result in a
non-privileged user compromising system security. All users must
install this patch as early as possible.

--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

.... pejorative statements of opinion are entitled to constitutional protection
no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC)

Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside
of usenet _must_ include its contents in its entirety including this copyright
notice, disclaimer and quotations.

In article , DaveG writes:
>
> The engineers are working through the version matrix. There is a MUP
> in the works for VAX V7.3 which will be out shortly. My understanding
> is they were unable to reproduce the problem on V6.2 VAX. The fixes
> are being rolled out in a priority order and we will continue to work
> through the version matrix with the focus on supported versions.

Good news. Now I wonder if we can get them to follow DEC's lead
and bother with the unsupported versions for such a high visibility
MUP.

I know of sites running 4.7, 5.5-2, and 6.1 on VAXen and Alphas.
The 4.7 system didn't have an IP stack loaded last time I looked,
so the finger problem is not an issue for them.

On Aug 27, 7:37*am, koeh...@eisner.nospam.encompasserve.org (Bob
Koehler) wrote:
> In article , DaveG writes:
>
>
>
> > The engineers are working through the version matrix. There is a MUP
> > in the works for VAX V7.3 which will be out shortly. *My understanding
> > is they were unable to reproduce the problem on V6.2 VAX. The fixes
> > are being rolled out in a priority order and we will continue to work
> > through the version matrix with the focus on supported versions.
>
> * *Good news. *Now I wonder if we can get them to follow DEC's lead
> * *and bother with the unsupported versions for such a high visibility
> * *MUP.
>
> * *I know of sites running 4.7, 5.5-2, and 6.1 on VAXen and Alphas.
> * *The 4.7 system didn't have an IP stack loaded last time I looked,
> * *so the finger problem is not an issue for them.

I just noticed on the ITRC patch site that the newly dubbed MUP is on
page 5, which is the last page, for 7.3-2 While I can't speak for
others, I rarely look at page 5. That's where most of the "older
stuff" lives. Also noticed that the "other" 732 MUP lives on page 1.

What was that line the Joker uttered that might fit here? Hint: the
boat scene on **page 5** (aka late) in the movie.

In article <00A7E878.73FD4197@SendSpamHere.ORG>,
VAXman- @SendSpamHere.ORG wrote:

> In article
> , FrankS
> writes:
> >On Aug 22, 5:00=A0am, "P. Sture" wrote:
> >> I'd definitely recommend getting a spare pair, not only as a counter for
> >> forgetfulness, but in case of a system failure (in my case the
> >> unexpected chewing of my first pair by a puppy!).
> >
> >WalMart, K-Mart, and their ilk are your friend in this particular
> >case. I've got 6 pairs of very cheap ($6 - $12) reading glasses
> >scattered around the house and car. I even have one pair expressly to
> >be left in the briefcase to avoid travelling mishaps. :-)
>
> My Rx was a little more than cheap reading glasses... not at $400!
>

Likewise. I need the proper prescription variety for driving.

--
Paul Sture