This was posted in the News subforum earlier today: http://daemonforums.org/showthread.php?t=10005
But, as your question is OpenBSD-specific, please note that a discussion thread has begun on the misc@ mailing list:
Peter Hansteen, author of The Book of PF, noted in his reply to that thread (highlight mine):
The paper has no(!) references to OpenBSD, they never show any actual code, and it appears that this is a local exploit that seems to require that the victim and spy processes share the same virtual address space, meaning that ASLR isn't actually enabled.