Re: CVE-2015-7547: critical bug in libc

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Wed, 17 Feb 2016 08:40:03 -0500
On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote:
> It is around now in the media also for non-OS developers: CVE-2015-7547
> describes a bug in libc which is supposed to affect all Linux versions.
> 
> big price question: is FreeBSD > 9.3 also affected?
> 
> Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus
> is used to prevent the "Linux-nailed" view, but sometimes it also refers to
> everything else those people can not imagine but consider them Linux-like. So
> I'm a bit puzzled, since there is no report about *BSD being affected, too.
> 
> Thanks in advance for shedding light onto CVE-2015-7547.

The project that's vulnerable is called "glibc", not "libc". The BSDs
don't use glibc, so the phrase "nothing to see here" applies. glibc
isn't even available in FreeBSD's ports tree.

TL;DR: FreeBSD is not affected by CVE-2015-7547.

Thanks,

-- 
Shawn Webb
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

Received on Wed Feb 17 2016 - 12:40:08 UTC
