[Triumf-linux-users] [Triumf-linux-managers] Security update for glibc on Enterprise Linux
Andrew Daviel
advax at triumf.ca
Wed Jan 28 12:50:34 PST 2015
On Tue, 27 Jan 2015, Andrew Daviel wrote:
>
> Further to my last message, it appears unnecessary to explicitly restart any
> servers. The RPM install of glibc will restart init and the SSH server using
> /usr/sbin/glibc_post_upgrade*, while dynamically-linked programs should
> automatically use the new library.
Some more links via the RCMP email alerts:
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
They say that procmail is vulnerable, and may be installed suid root (not
on systems I looked at).
The following works to show vulnerability:
/usr/sbin/clockdiff `python -c "print '0' * $((0x10000-16*1-2*4-1-4))" `
If this command throws a Segmentation Fault, then glibc is vulnerable.
The RCMP alert (GC-CIRT Alert GCAL15-001 UPDATE 1) says:
>>>
Debian 7, RHEL 6 and 7, CentOS 6 and 7 and Ubuntu LTS 12.04 are confirmed
to be vulnerable.
Once patched, all services that depend on glibc must be restarted, or the
entire system must be rebooted.
Services that depend on glibc can be found by the terminal command:
lsof | awk '/libc/{print $1}' | sort -u
Software that is statically (not dynamically) compiled with versions of
glibc prior to 2.18 (including some software compiled for alternate
platforms, e.g. Windows) will remain vulnerable and must be remediated
separately.
<<<
Does anyone know for certain about restarting services?
Per my last, updating the glibc RPM will trigger a restart of sshd and
init, which I thought would pull in a new memory-resident shared library
which everything else would use.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
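
One way to check the restart question on a given host, as an added example that is not part of the original message or the quoted alert: a process started before the upgrade keeps the replaced libc file mapped, and /proc/PID/maps marks that mapping "(deleted)". The function names and the sample tree below are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes still mapping a libc that was replaced on disk.
# A package upgrade unlinks the old library file; processes started earlier
# keep the old copy mapped, and /proc/PID/maps marks it "(deleted)".

# stale_libc [PROC_ROOT] prints "PID COMMAND" per affected process.
# PROC_ROOT defaults to /proc; the parameter exists so the function can be
# run against a constructed directory tree.
stale_libc() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Match libc itself (libc-2.12.so, libc.so.6), not libcrypto or libcap.
        if grep -Eq '/libc[-.][^/]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            printf '%s %s\n' "${pid_dir##*/}" "$(cat "$pid_dir/comm" 2>/dev/null)"
        fi
    done
}

# make_sample_proc DIR builds a small constructed /proc-like tree (not real data).
make_sample_proc() {
    mkdir -p "$1/1201" "$1/1350" "$1/1402"
    echo sshd > "$1/1201/comm"      # started before the upgrade
    echo '7f0a1c000000-7f0a1c18a000 r-xp 00000000 fd:00 131 /lib64/libc-2.12.so (deleted)' > "$1/1201/maps"
    echo crond > "$1/1350/comm"     # started after the upgrade
    echo '7f3b44000000-7f3b4418a000 r-xp 00000000 fd:00 977 /lib64/libc-2.12.so' > "$1/1350/maps"
    echo httpd > "$1/1402/comm"     # a different library was replaced
    echo '7f5c90000000-7f5c901b0000 r-xp 00000000 fd:00 140 /usr/lib64/libcrypto.so.10 (deleted)' > "$1/1402/maps"
}

# Demo on the constructed tree; on a real host run: stale_libc   (as root)
sample=$(mktemp -d)
make_sample_proc "$sample"
stale_libc "$sample"
rm -rf "$sample"
```

An empty result on a real host means no running process still maps a replaced libc; any PID listed was started before the update and needs a restart to load the new library.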