Date: Thu, 18 Feb 2016 18:27:09 +0100 From: "O. Hartmann" <ohartman@zedat.fu-berlin.de> To: Shawn Webb <shawn.webb@hardenedbsd.org> Cc: freebsd-current <freebsd-current@freebsd.org> Subject: Re: CVE-2015-7547: critical bug in libc Message-ID: <20160218182709.2380b719.ohartman@zedat.fu-berlin.de> In-Reply-To: <20160217134003.GB57405@mutt-hardenedbsd> References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de> <20160217134003.GB57405@mutt-hardenedbsd>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Am Wed, 17 Feb 2016 08:40:03 -0500 Shawn Webb <shawn.webb@hardenedbsd.org> schrieb: > On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote: > > It is around now in the media also for non-OS developers: CVE-2015-7547 > > describes a bug in libc which is supposed to affects all Linux versions. > > > > big price question: is FreeBSD > 9.3 also affected? > > > > Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus > > is used to prevent the "Linux-nailed" view, but sometimes it also referes to > > everything else those people can not imagine but consider them Linux-like. So > > I'm a bit puzzled, since there is no report about *BSD is affected, too. > > > > Thanks in advance for shedding light onto CVE-2015-7547. > > The project that's vulnerable is called "glibc", not "libc". The BSDs > don't use glibc, so the phrase "nothing to see here" applies. glibc > isn't even available in FreeBSD's ports tree. > > TL;DR: FreeBSD is not affected by CVE-2015-7547. > > Thanks, > The article, I refere to, did only mention "libc" and they used the terminus "Linux/UNIX", and this is usually associted by that Linux-folks with the rest of the UNIX-alike world after their precious Linux. I followed then the explanation of the CVE and that stated very clearly, that it is GNU libc. So, I feel better now, but a pity of all that stuff in routers, switches, security appliances utilizing Linux and the penetrated glic. :-) [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWxf7uAAoJEOgBcD7A/5N8RlAIAMDdY9NDFf6G8ElBKl7g/Kz6 Qu/UR45et0lkZoefVhS/T2mX0kM2bT3Jfw3oxE+JEHO2xwv8Xc1GPbu1qKaU+gSN u5EdS8U8WOZzgSkE49t7NJiV3byMZskMIe79CPN79YwVc+NlNt406YSVFzrtjzFW Ci+NCZfUpnh8MkfGrhyicgCwt5Q3vncE6xMykOeRxtUnnGGz26RrHZjmf25FAyl0 DuqD40o46IltXwQsILKY38dxkb8oP4sorvciE8tZc/2f3VywTraJtmnnsFQxwerP dikwge+3yqa+mtWFksZ737ktjoI0zVAw3woaydp3NzK735mxgZlID6Zm8+M/WRg= =+XEZ -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160218182709.2380b719.ohartman>