Date: Thu, 18 Feb 2016 18:27:09 +0100
From: "O. Hartmann"
To: Shawn Webb
Cc: freebsd-current
Subject: Re: CVE-2015-7547: critical bug in libc
Message-ID: <20160218182709.2380b719.ohartman@zedat.fu-berlin.de>
In-Reply-To: <20160217134003.GB57405@mutt-hardenedbsd>
Organization: FU Berlin

On Wed, 17 Feb 2016 08:40:03 -0500 Shawn Webb wrote:

> On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote:
> > It is around now in the media also for non-OS developers: CVE-2015-7547
> > describes a bug in libc which is supposed to affect all Linux versions.
> >
> > big price question: is FreeBSD > 9.3 also affected?
> >
> > Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus
> > is used to prevent the "Linux-nailed" view, but sometimes it also refers to
> > everything else those people can not imagine but consider them Linux-like. So
> > I'm a bit puzzled, since there is no report about *BSD is affected, too.
> >
> > Thanks in advance for shedding light onto CVE-2015-7547.
>
> The project that's vulnerable is called "glibc", not "libc". The BSDs
> don't use glibc, so the phrase "nothing to see here" applies. glibc
> isn't even available in FreeBSD's ports tree.
>
> TL;DR: FreeBSD is not affected by CVE-2015-7547.
>
> Thanks,
>

The article I refer to only mentioned "libc", and they used the terminus
"Linux/UNIX", and this is usually associated by the Linux folks with the rest
of the UNIX-alike world after their precious Linux.

I then followed the explanation of the CVE, and that stated very clearly that
it is GNU libc. So, I feel better now, but a pity about all that stuff in
routers, switches, security appliances utilizing Linux and the penetrated
glibc. :-)