CVE-2015-7547: critical bug in libc

Shawn Webb shawn.webb at
Wed Feb 17 13:40:08 UTC 2016

On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote:
> It is around now in the media also for non-OS developers: CVE-2015-7547
> describes a bug in libc which is supposed to affects all Linux versions.
> big price question: is FreeBSD > 9.3 also affected?
> Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus
> is used to prevent the "Linux-nailed" view, but sometimes it also referes to
> everything else those people can not imagine but consider them Linux-like. So
> I'm a bit puzzled, since there is no report about *BSD is affected, too.
> Thanks in advance for shedding light onto CVE-2015-7547.

The project that's vulnerable is called "glibc", not "libc". The BSDs
don't use glibc, so the phrase "nothing to see here" applies. glibc
isn't even available in FreeBSD's ports tree.

TL;DR: FreeBSD is not affected by CVE-2015-7547.


Shawn Webb

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <>

More information about the freebsd-current mailing list