[Triumf-linux-users] [Triumf-linux-managers] Security update for glibc on Enterprise Linux

Andrew Daviel advax at triumf.ca
Wed Jan 28 12:50:34 PST 2015


On Tue, 27 Jan 2015, Andrew Daviel wrote:

>
> Further to my last message, it appears unnecessary to explicitly restart any 
> servers. The RPM install of glibc will restart init and the SSH server using 
> /usr/sbin/glibc_post_upgrade*, while dynamically-linked programs should 
> automatically use the new library.


Some more links via the RCMP email alerts:
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

They say that procmail is vulnerable, and may be installed suid root (not 
on systems I looked at).

The following works to show vulnerability:
   /usr/sbin/clockdiff `python -c "print '0' * $((0x10000-16*1-2*4-1-4))" `
If this command throws a Segmentation Fault, then glibc is vulnerable.

The RCMP alert (GC-CIRT Alert GCAL15-001 UPDATE 1) says:

>>>
Debian 7, RHEL 6 and 7, CentOS 6 and 7 and Ubuntu LTS 12.04 are confirmed 
to be vulnerable.

Once patched, all services that depend on glibc must be restarted, or the 
entire system must be rebooted. 
Services that depend on glibc can be found by the terminal command:

        lsof | awk '/libc/{print $1}' | sort -u

Software that is statically (not dynamically) compiled with versions of 
glibc prior to 2.18 (including some
software compiled for alternate platforms, e.g. Windows) will remain 
vulnerable and must be remediated
separately.
<<<

Does anyone know for certain about restarting services?
Per my last, updating the glibc RPM will trigger a restart of sshd and 
init, which I thought would pull in a new memory-resident shared library 
which everything else would use.


-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager
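
Added example, not part of the original message or the RCMP alert: a check for processes that still map the pre-update libc, which narrows the `lsof` list above to the services that actually need a restart. It assumes Linux, where a library file replaced by a package update appears in `/proc/PID/maps` with ` (deleted)` after its path; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# stale_libc_pids [PROC_ROOT]  (hypothetical helper name)
# Prints "PID COMMAND" for every process whose memory map still references
# a libc file that has since been replaced on disk. Run as root on a real
# host so that other users' maps files are readable.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue        # process exited or not permitted
        dir=${maps%/maps}
        pid=${dir##*/}
        # Matches libc-2.12.so and libc.so.6 style names, not libcrypto etc.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Build a constructed sample /proc tree (two fake processes) for an offline run.
make_sample_proc() {
    root="$1"
    mkdir -p "$root/101" "$root/202"
    echo sshd  > "$root/101/comm"
    echo crond > "$root/202/comm"
    # PID 101 was restarted after the update: it maps the file now on disk.
    cat > "$root/101/maps" <<'EOF'
7f3a00000000-7f3a0018a000 r-xp 00000000 fd:00 1311  /lib64/libc-2.12.so
7f3a00400000-7f3a00600000 r-xp 00000000 fd:00 1400  /usr/lib64/libcrypto.so.10
EOF
    # PID 202 was started before the update: it still maps the replaced file.
    cat > "$root/202/maps" <<'EOF'
7f5b00000000-7f5b0018a000 r-xp 00000000 fd:00 1207  /lib64/libc-2.12.so (deleted)
EOF
}

# Offline demonstration on the constructed tree; prints "202 crond".
# On a real host call stale_libc_pids with no argument instead.
tmp=$(mktemp -d) && make_sample_proc "$tmp" && stale_libc_pids "$tmp"
rm -rf "$tmp"
```

An empty result on a patched host means no running process is still using the old library.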

