Linux "Ghost" Remote Code Execution Vulnerability
Mike Clarke
mike at milibyte.co.uk
Wed Jan 28 21:15:12 UTC 2015
On Wed, 28 Jan 2015 14:52:47 -0500
Jerry <jerry at seibercom.net> wrote:
> Does this vulnerability affect FreeBSD?
>
> https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability
Yes, this morning pkg audit returned this:
linux_base-c6-6.6_1 is vulnerable:
glibc -- gethostbyname buffer overflow
CVE: CVE-2015-0235
WWW:
http://vuxml.FreeBSD.org/freebsd/0765de84-a6c1-11e4-a0c1-c485083ca99c.html
But 6.6_2 which uses a GHOST-free version of glibc was committed to
ports earlier today.
--
Mike Clarke
More information about the freebsd-questions
mailing list