From: Mike Clarke
To: freebsd-questions@freebsd.org
Date: Wed, 28 Jan 2015 21:15:02 +0000
Subject: Re: Linux "Ghost" Remote Code Execution Vulnerability

On Wed, 28 Jan 2015 14:52:47 -0500
Jerry wrote:

> Does this vulnerability affect FreeBSD?
>
> https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability

Yes, this morning pkg audit returned this:

linux_base-c6-6.6_1 is vulnerable:
glibc -- gethostbyname buffer overflow
CVE: CVE-2015-0235
WWW: http://vuxml.FreeBSD.org/freebsd/0765de84-a6c1-11e4-a0c1-c485083ca99c.html

But 6.6_2 which uses a GHOST-free version of glibc was committed to ports
earlier today.

--
Mike Clarke