CVE-2015-7547: critical bug in libc
O. Hartmann
ohartman at zedat.fu-berlin.de
Thu Feb 18 17:27:13 UTC 2016
Am Wed, 17 Feb 2016 08:40:03 -0500
Shawn Webb <shawn.webb at hardenedbsd.org> schrieb:
> On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote:
> > It is around now in the media also for non-OS developers: CVE-2015-7547
> > describes a bug in libc which is supposed to affects all Linux versions.
> >
> > big price question: is FreeBSD > 9.3 also affected?
> >
> > Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus
> > is used to prevent the "Linux-nailed" view, but sometimes it also referes to
> > everything else those people can not imagine but consider them Linux-like. So
> > I'm a bit puzzled, since there is no report about *BSD is affected, too.
> >
> > Thanks in advance for shedding light onto CVE-2015-7547.
>
> The project that's vulnerable is called "glibc", not "libc". The BSDs
> don't use glibc, so the phrase "nothing to see here" applies. glibc
> isn't even available in FreeBSD's ports tree.
>
> TL;DR: FreeBSD is not affected by CVE-2015-7547.
>
> Thanks,
>
The article, I refere to, did only mention "libc" and they used the terminus
"Linux/UNIX", and this is usually associted by that Linux-folks with the rest of the
UNIX-alike world after their precious Linux.
I followed then the explanation of the CVE and that stated very clearly, that it is GNU
libc. So, I feel better now, but a pity of all that stuff in routers, switches, security
appliances utilizing Linux and the penetrated glic. :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20160218/ee8ad947/attachment.sig>
More information about the freebsd-current
mailing list