From owner-freebsd-current@freebsd.org  Wed Feb 17 13:29:48 2016
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 22687AAA1C8
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Wed, 17 Feb 2016 13:29:48 +0000 (UTC)
 (envelope-from ohartman@zedat.fu-berlin.de)
Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de
 [130.133.4.66])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id DBF5F1CB8
 for <freebsd-current@freebsd.org>; Wed, 17 Feb 2016 13:29:47 +0000 (UTC)
 (envelope-from ohartman@zedat.fu-berlin.de)
Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69])
 by outpost.zedat.fu-berlin.de (Exim 4.85)
 for freebsd-current@freebsd.org with esmtps
 (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
 (envelope-from <ohartman@zedat.fu-berlin.de>)
 id <1aW25Z-001uZA-L4>; Wed, 17 Feb 2016 14:24:17 +0100
Received: from p578a69f9.dip0.t-ipconnect.de ([87.138.105.249]
 helo=freyja.zeit4.iv.bundesimmobilien.de)
 by inpost2.zedat.fu-berlin.de (Exim 4.85)
 for freebsd-current@freebsd.org with esmtpsa (TLSv1.2:AES128-GCM-SHA256:128)
 (envelope-from <ohartman@zedat.fu-berlin.de>)
 id <1aW25Z-0024qk-8I>; Wed, 17 Feb 2016 14:24:17 +0100
Date: Wed, 17 Feb 2016 14:24:10 +0100
From: "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To: freebsd-current <freebsd-current@freebsd.org>
Subject: CVE-2015-7547: critical bug in libc
Message-ID: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de>
Organization: FU Berlin
X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.29; amd64-portbld-freebsd11.0)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Originating-IP: 87.138.105.249
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Feb 2016 13:29:48 -0000

It is around now in the media also for non-OS developers: CVE-2015-7547
describes a bug in libc which is supposed to affects all Linux versions.

big price question: is FreeBSD > 9.3 also affected?

Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus
is used to prevent the "Linux-nailed" view, but sometimes it also referes to
everything else those people can not imagine but consider them Linux-like. So
I'm a bit puzzled, since there is no report about *BSD is affected, too.

Thanks in advance for shedding light onto CVE-2015-7547.

Regards,

oh