Re: CVE-2015-7547: critical bug in libc

2016-02-25 Thread Joe Holden
On 22/02/2016 00:04, Chris H wrote: On Thu, 18 Feb 2016 08:39:32 -0600 (CST) Dan Mack wrote On Thu, 18 Feb 2016, Joe Holden wrote: On 17/02/2016 14:07, Daniel Kalchev wrote: On 17.02.2016 ?., at 15:40, Shawn Webb wrote: >>> TL;DR: FreeBSD

Re: CVE-2015-7547: critical bug in libc

2016-02-21 Thread Chris H
On Thu, 18 Feb 2016 08:39:32 -0600 (CST) Dan Mack wrote > On Thu, 18 Feb 2016, Joe Holden wrote: > > > On 17/02/2016 14:07, Daniel Kalchev wrote: > >> > >>> On 17.02.2016 ?., at 15:40, Shawn Webb > >>> wrote: >>> > >>> TL;DR: FreeBSD is not

Re: CVE-2015-7547: critical bug in libc

2016-02-18 Thread Kurt Jaeger
Hi! > > A short note on the www.freebsd.org website would probably be helpful, > > as this case will produce a lot of noise. > I'd like to second this! This could be some kind of use for the > further propagation of FreeBSD! > Many people asked me since yesterday, whether the operating system I

Re: CVE-2015-7547: critical bug in libc

2016-02-18 Thread O. Hartmann
Am Wed, 17 Feb 2016 14:50:28 +0100 Kurt Jaeger schrieb: > Hi! > > > The project that's vulnerable is called "glibc", not "libc". The BSDs > > don't use glibc, so the phrase "nothing to see here" applies. glibc > > isn't even available in FreeBSD's ports tree. > > > > TL;DR:

Re: CVE-2015-7547: critical bug in libc

2016-02-18 Thread O. Hartmann
Am Wed, 17 Feb 2016 08:40:03 -0500 Shawn Webb schrieb: > On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote: > > It is around now in the media also for non-OS developers: CVE-2015-7547 > > describes a bug in libc which is supposed to affects all Linux

Re: CVE-2015-7547: critical bug in libc

2016-02-18 Thread Dan Mack
On Thu, 18 Feb 2016, Joe Holden wrote: On 17/02/2016 14:07, Daniel Kalchev wrote: On 17.02.2016 ?., at 15:40, Shawn Webb wrote: TL;DR: FreeBSD is not affected by CVE-2015-7547. Unless you use Linux applications under emulation. Daniel Which is supported by

Re: CVE-2015-7547: critical bug in libc

2016-02-18 Thread Joe Holden
On 17/02/2016 14:07, Daniel Kalchev wrote: On 17.02.2016 г., at 15:40, Shawn Webb wrote: TL;DR: FreeBSD is not affected by CVE-2015-7547. Unless you use Linux applications under emulation. Daniel Which is supported by ports so at most it should be a ports

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Kubilay Kocak
On 18/02/2016 4:23 AM, Warren Block wrote: > On Thu, 18 Feb 2016, Kubilay Kocak wrote: > >> On 18/02/2016 3:51 AM, Warren Block wrote: >>> On Wed, 17 Feb 2016, Eric van Gyzen wrote: >>> On 02/17/2016 08:19, Warren Block wrote: > On Wed, 17 Feb 2016, Kurt Jaeger wrote: > >> A

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Warren Block
On Thu, 18 Feb 2016, Kubilay Kocak wrote: On 18/02/2016 3:51 AM, Warren Block wrote: On Wed, 17 Feb 2016, Eric van Gyzen wrote: On 02/17/2016 08:19, Warren Block wrote: On Wed, 17 Feb 2016, Kurt Jaeger wrote: A short note on the www.freebsd.org website would probably be helpful, as this

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Kubilay Kocak
On 18/02/2016 3:51 AM, Warren Block wrote: > On Wed, 17 Feb 2016, Eric van Gyzen wrote: > >> On 02/17/2016 08:19, Warren Block wrote: >>> On Wed, 17 Feb 2016, Kurt Jaeger wrote: >>> A short note on the www.freebsd.org website would probably be helpful, as this case will produce a lot of

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Warren Block
On Wed, 17 Feb 2016, Eric van Gyzen wrote: On 02/17/2016 08:19, Warren Block wrote: On Wed, 17 Feb 2016, Kurt Jaeger wrote: A short note on the www.freebsd.org website would probably be helpful, as this case will produce a lot of noise. Maybe a short article like we did for leap seconds?

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Eric van Gyzen
On 02/17/2016 08:19, Warren Block wrote: > On Wed, 17 Feb 2016, Kurt Jaeger wrote: > >> A short note on the www.freebsd.org website would probably be helpful, >> as this case will produce a lot of noise. > > Maybe a short article like we did for leap seconds? >

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Chagin Dmitry
On Wed, Feb 17, 2016 at 07:19:07AM -0700, Warren Block wrote: > On Wed, 17 Feb 2016, Kurt Jaeger wrote: > > > Hi! > > > >> The project that's vulnerable is called "glibc", not "libc". The BSDs > >> don't use glibc, so the phrase "nothing to see here" applies. glibc > >> isn't even available in

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Daniel Kalchev
> On 17.02.2016 г., at 15:40, Shawn Webb wrote: > > TL;DR: FreeBSD is not affected by CVE-2015-7547. Unless you use Linux applications under emulation. Daniel signature.asc Description: Message signed with OpenPGP using GPGMail

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Kurt Jaeger
Hi! > >> TL;DR: FreeBSD is not affected by CVE-2015-7547. > > What about software that uses emulators/linux_base? > > > A short note on the www.freebsd.org website would probably be helpful, > > as this case will produce a lot of noise. > > Maybe a short article like we did for leap seconds? >

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Warren Block
On Wed, 17 Feb 2016, Kurt Jaeger wrote: Hi! The project that's vulnerable is called "glibc", not "libc". The BSDs don't use glibc, so the phrase "nothing to see here" applies. glibc isn't even available in FreeBSD's ports tree. TL;DR: FreeBSD is not affected by CVE-2015-7547. What about

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Shawn Webb
On Wed, Feb 17, 2016 at 04:07:25PM +0200, Daniel Kalchev wrote: > > > On 17.02.2016 ??., at 15:40, Shawn Webb wrote: > > > > TL;DR: FreeBSD is not affected by CVE-2015-7547. > > > Unless you use Linux applications under emulation. True. I didn't think of that

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Kurt Jaeger
Hi! > The project that's vulnerable is called "glibc", not "libc". The BSDs > don't use glibc, so the phrase "nothing to see here" applies. glibc > isn't even available in FreeBSD's ports tree. > > TL;DR: FreeBSD is not affected by CVE-2015-7547. A short note on the www.freebsd.org website

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Tommi Pernila
Hi, as Shawn types faster then me... the libc issue has been found from glibc which is not used in the BSD family. This is the affected libc https://en.wikipedia.org/wiki/GNU_C_Library What FreeBSD uses: https://en.wikipedia.org/wiki/BSD_libc -Tommi On Wed, Feb 17, 2016 at 3:24 PM, O.

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Shawn Webb
On Wed, Feb 17, 2016 at 02:24:10PM +0100, O. Hartmann wrote: > It is around now in the media also for non-OS developers: CVE-2015-7547 > describes a bug in libc which is supposed to affects all Linux versions. > > big price question: is FreeBSD > 9.3 also affected? > > Some reporters tell us

CVE-2015-7547: critical bug in libc

2016-02-17 Thread O. Hartmann
It is around now in the media also for non-OS developers: CVE-2015-7547 describes a bug in libc which is supposed to affects all Linux versions. big price question: is FreeBSD > 9.3 also affected? Some reporters tell us that Linux/UNIX is affected, so sometimes this terminus is used to prevent