Date: Wed, 28 Jan 2015 21:15:02 +0000 From: Mike Clarke <mike@milibyte.co.uk> To: freebsd-questions@freebsd.org Subject: Re: Linux "Ghost" Remote Code Execution Vulnerability Message-ID: <20150128211502.265ec2e0@curlew.lan> In-Reply-To: <20150128145247.5086e9a4@scorpio> References: <20150128145247.5086e9a4@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 28 Jan 2015 14:52:47 -0500 Jerry <jerry@seibercom.net> wrote: > Does this vulnerability affect FreeBSD? > > https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability Yes, this morning pkg audit returned this: linux_base-c6-6.6_1 is vulnerable: glibc -- gethostbyname buffer overflow CVE: CVE-2015-0235 WWW: http://vuxml.FreeBSD.org/freebsd/0765de84-a6c1-11e4-a0c1-c485083ca99c.html But 6.6_2 which uses a GHOST-free version of glibc was committed to ports earlier today. -- Mike Clarke
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150128211502.265ec2e0>