DuckDuckGo Ups Ante: Gives $300K to 'Raise the Standard of Trust'
For the seventh year in a row, the search engine that promises not to stalk your online moves puts its money where its mouth is, this year by donating $300,000 to organizations that
System76 Saying Goodbye to Bland Design
Considering that System76 chose to unveil its new design plans to The Linux Gamer -- no invite went to FOSS Force, BTW -- we can't help but wonder if a System76 Steam Machine isn't in the works.

The Screening
The Great Debian Iceweasel/Icedove Saga Comes to an End
Now that Thunderbird is back in the Debian repositories, the decade long dispute that led to all Mozilla products in Debian being rebranded has ended.



The hatchet is finally completely
Back Yard Linux
It's not as lonely being a Linux user as it once was. These days you're liable to find people throughout your neighborhood using Linux.



My how times have changed.

It wasn't long ago that Linux
No, Evil Hackers Aren't After You
Humankind has outgrown the need to have monsters hiding under our beds. Now we let them hide in our phones, computers and microwave ovens.

Roblimo's Hideaway



OMG! I think I see a giant camera lens on
Should the U.S. Army Have Its Own Open Source License?
Should the U.S. armed forces begin releasing software under an OSI approved open source license rather than as public domain?

Roblimo's Hideaway



This question has generated many pixels'
GitHub CEO Chris Wanstrath on Open Source
Did you know that the software Stephen Hawking uses to speak is open source and that it's available on GitHub? Neither did we.

The Screening Room




At the Computer History museum, GitHub CEO Chris
February 18th, 2016

FreeBSD, Variants Not Affected by Recent GNU Bug

Larry the BSD Guy

The glibc security vulnerability that Linux developers have been scrambling to patch does not affect *BSD.

Much has been made about a vulnerability in a function in the GNU C Library. And searching far and wide over the Internet, there was little — actually nothing — I could find regarding how this affected BSD variants.

However, you can rest easy, BSDers: Not our circus, not our monkeys.

Dag-Erling Smørgrav, a FreeBSD developer since 1998 and a former FreeBSD Security Officer, writes in his blog that “neither FreeBSD itself nor native FreeBSD applications are affected.”

He explains further: “While the resolver in FreeBSD’s libc and GNU libc share a common ancestry, the bug was introduced when the latter was rewritten to send A and AAAA queries in parallel rather than sequentially when the application requests both.”

Smørgrav doesn’t stop there, though. To his credit, he also offers solutions for those who may be affected — “The issue can be mitigated by only using resolvers you trust, and configuring them to avoid sending responses which can trigger the bug.” And from there, he goes into a lengthy and detailed solution explanation which, personally, is proverbially far above my balding head (which, truthfully, isn’t saying much in the realm of servers and security).

Smørgrav’s blog item is worth a read, especially if you know about the intricacies of this particular issue. Even if you don’t and want to take a look, the time reading it is well-spent; however if you’re a neophyte like me, keep Google handy. Speaking as someone who is rapidly, albeit haphazardly, getting up to speed on BSD, I am grateful for the work done by those involved with BSD in keeping us informed and keeping things running smoothly.

See you next week.

Editor note: Article updated on February 19, 2016 at 10:25 a.m. to identify Dag-Erling Smørgrav as a former security officer with FreeBSD.

We’re currently in the midst of our 2016 Indiegogo fundraising drive. Your support is crucial. Won’t you please visit our fundraising page and make a contribution to support FOSS Force?

The following two tabs change content below.

Larry Cafiero

Larry Cafiero, a.k.a. Larry the Free Software Guy, is a journalist and a Free/Open Source Software advocate. He is involved in several FOSS projects and serves as the publicity chair for the Southern California Linux Expo. Follow him on Twitter: @lcafiero

Latest posts by Larry Cafiero (see all)

4 comments to FreeBSD, Variants Not Affected by Recent GNU Bug