Date: Wed, 17 Feb 2016 08:40:03 -0500 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: "O. Hartmann" <ohartman@zedat.fu-berlin.de> Cc: freebsd-current <freebsd-current@freebsd.org> Subject: Re: CVE-2015-7547: critical bug in libc Message-ID: <20160217134003.GB57405@mutt-hardenedbsd> In-Reply-To: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de> References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--EuxKj2iCbKjpUGkD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote: > It is around now in the media also for non-OS developers: CVE-2015-7547 > describes a bug in libc which is supposed to affects all Linux versions. >=20 > big price question: is FreeBSD > 9.3 also affected? >=20 > Some reporters tell us that Linux/UNIX is affected, so sometimes this ter= minus > is used to prevent the "Linux-nailed" view, but sometimes it also referes= to > everything else those people can not imagine but consider them Linux-like= =2E So > I'm a bit puzzled, since there is no report about *BSD is affected, too. >=20 > Thanks in advance for shedding light onto CVE-2015-7547. The project that's vulnerable is called "glibc", not "libc". The BSDs don't use glibc, so the phrase "nothing to see here" applies. glibc isn't even available in FreeBSD's ports tree. TL;DR: FreeBSD is not affected by CVE-2015-7547. Thanks, --=20 Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --EuxKj2iCbKjpUGkD Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWxHgxAAoJEGqEZY9SRW7uBLYP/1NNgED/9wm8czihM0RtUfK0 Wx9zYKf/QWwp8zPFKKnb67mh+ZN6n0kzTYdMEfyCAZs0wt4Rdi3vj6aCD66zTlfA 9lkS6s75Y6WxZCv5eW/+5bloPWhIdNV7tYOat+GdPIkJrA/WkUZFz6EQQL7s9mMR KG2BI+YHCrV/WQGSYn8Uuo/CaHqDcxxt+3ns/4YUu9RT6NwXCqYV0hUWF75Kj2Zt CKGdbpTZmFpTCEEumYmxRWQjxtbiq40erUagA0oV1aGvRfBDrR9vKJ8BBAETTi0O wO+k7QO0YKQ5zuKDuA7CiaUM9k/KqyaFQP1CQvY0oZKSiBDNC/1oNFX9+dc1j27P l2E9uCpRzXTGB8bJXQHmVV24GAcF3Osbdi4/as57tFA3laQFx7z0/tLUpJYst6Qi MYK/Qdhe1n8jOWjInOmKffNsh++ECrjMEPnzzDDLjVYn30y1aKf5FnXwBpkwCzzW V3wazWerdglJYOuhpZaolvlIJYzpf9+AMLEfmNfw3L5fXZ36H9WubOCJFtpwb7kH LHIhslg/d1qUGthPV+h0aJMV4u/W4aL88rXbjDdeWL+sIBX1REZP+NePW9LPZpHH gnK6JE1oaYVMWvn/id7NpFm+6s/8JbXXfrg/VaPMM8LpXXyDAGC2RSv3xX7Wp7sh ZwSuy5cU/VyiL8QuckMM =Ta5F -----END PGP SIGNATURE----- --EuxKj2iCbKjpUGkD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160217134003.GB57405>