Open Source Adapted Bicycle Pedal Comes to the Rescue
Accessibility has always been important to designers of open source software. Now that open source has come to design, that's more true than ever, as demonstrated with this open source bicycle
Linux Action Show to End Eleven-Year Run at LFNW
Six more episodes before the popular Linux podcast, Linux Action Show, ends its nearly 11-year run in a live broadcast from LinuxFest Northwest.


Jupiter Broadcasting's long-running
Dealing With Real-Life, Everyday Security Threats
No one has ever been shot by a hacker who was breaking into their computer through the Internet. Not so for thieves coming in through the back door.

Roblimo's Hideaway

I wrote a piece
Four Things a New Linux User Should Know
When you move from "that other operating system" to Linux, you're going to find that in most ways you'll be in familiar territory. However, that's not always the case. We sometimes do things a little differently
The Future of Desktop Ubuntu
With all the changes happening at Canonical, you might wonder what this means for the future of desktop Ubuntu, besides the return to the GNOME desktop.

There hasn't been this much news about a single Linux distro
Libreboot Reorganizes: Seeks to Make Amends
It appears the people developing Libreboot have done some of the hard work necessary to fix potentially toxic personal dynamics after last year's controversy, when the project removed itself from the
It's Windows Time in Linux Land Again
Using Windows. What a horrible thing to ask a Linux user to do.
February 18th, 2016

FreeBSD, Variants Not Affected by Recent GNU Bug

Larry the BSD Guy

The glibc security vulnerability that Linux developers have been scrambling to patch does not affect *BSD.

Much has been made about a vulnerability in a function in the GNU C Library. And searching far and wide over the Internet, there was little — actually nothing — I could find regarding how this affected BSD variants.

However, you can rest easy, BSDers: Not our circus, not our monkeys.

Dag-Erling Smørgrav, a FreeBSD developer since 1998 and a former FreeBSD Security Officer, writes in his blog that “neither FreeBSD itself nor native FreeBSD applications are affected.”

He explains further: “While the resolver in FreeBSD’s libc and GNU libc share a common ancestry, the bug was introduced when the latter was rewritten to send A and AAAA queries in parallel rather than sequentially when the application requests both.”

Smørgrav doesn’t stop there, though. To his credit, he also offers solutions for those who may be affected — “The issue can be mitigated by only using resolvers you trust, and configuring them to avoid sending responses which can trigger the bug.” And from there, he goes into a lengthy and detailed solution explanation which, personally, is proverbially far above my balding head (which, truthfully, isn’t saying much in the realm of servers and security).

Smørgrav’s blog item is worth a read, especially if you know about the intricacies of this particular issue. Even if you don’t and want to take a look, the time reading it is well-spent; however if you’re a neophyte like me, keep Google handy. Speaking as someone who is rapidly, albeit haphazardly, getting up to speed on BSD, I am grateful for the work done by those involved with BSD in keeping us informed and keeping things running smoothly.

See you next week.

Editor note: Article updated on February 19, 2016 at 10:25 a.m. to identify Dag-Erling Smørgrav as a former security officer with FreeBSD.

We’re currently in the midst of our 2016 Indiegogo fundraising drive. Your support is crucial. Won’t you please visit our fundraising page and make a contribution to support FOSS Force?

The following two tabs change content below.

Larry Cafiero

Larry Cafiero, a.k.a. Larry the Free Software Guy, is a journalist and a Free/Open Source Software advocate. He is involved in several FOSS projects and serves as the publicity chair for the Southern California Linux Expo. Follow him on Twitter: @lcafiero

Latest posts by Larry Cafiero (see all)

4 comments to FreeBSD, Variants Not Affected by Recent GNU Bug