Date: Wed, 17 Feb 2016 08:40:03 -0500
From: Shawn Webb
To: "O. Hartmann"
Cc: freebsd-current
Subject: Re: CVE-2015-7547: critical bug in libc

On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote:
> It is around now in the media also for non-OS developers: CVE-2015-7547
> describes a bug in libc which is supposed to affect all Linux versions.
>
> big price question: is FreeBSD > 9.3 also affected?
>
> Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus
> is used to prevent the "Linux-nailed" view, but sometimes it also refers to
> everything else those people can not imagine but consider them Linux-like. So
> I'm a bit puzzled, since there is no report about *BSD is affected, too.
>
> Thanks in advance for shedding light onto CVE-2015-7547.

The project that's vulnerable is called "glibc", not "libc". The BSDs
don't use glibc, so the phrase "nothing to see here" applies. glibc
isn't even available in FreeBSD's ports tree.

TL;DR: FreeBSD is not affected by CVE-2015-7547.

Thanks,

-- 
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE