CVE-2015-7547 glibc fix

Support for security such as Firewalls and securing linux
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2015-7547 glibc fix

Post by TrevorH » 2016/02/18 02:52:05

Your updates repo points to /os/ not to /updates/
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2015-7547 glibc fix

Post by avij » 2016/02/18 08:20:10

You should have these two repositories set up to get all the available updates:


[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
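
An added example, not part of the posts above: a check for the misconfiguration TrevorH describes, where the [updates] stanza resolves to the os tree. The sample repo file, EXPECTED, repo_target and mismatched_sections are constructed for illustration.

```python
import configparser
import re

# Which repo each section id should resolve to, per the two stanzas in the post.
EXPECTED = {"base": "os", "updates": "updates"}

# Constructed sample: an [updates] stanza copied from [base] and never edited.
SAMPLE_REPO = """\
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
gpgcheck=1

[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
"""

def repo_target(url):
    """Return the repo name a mirrorlist or baseurl value points at, or None."""
    m = re.search(r"[?&]repo=([^&\s]+)", url) or re.search(r"/centos/[^/]+/([^/]+)/", url)
    return m.group(1) if m else None

def mismatched_sections(repo_text):
    """List (section, key, actual_target) where the URL disagrees with the section id."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(repo_text)
    problems = []
    for section, want in EXPECTED.items():
        if not cp.has_section(section):
            problems.append((section, None, None))  # stanza missing entirely
            continue
        for key in ("mirrorlist", "baseurl"):  # commented-out keys are ignored
            url = cp.get(section, key, fallback=None)
            target = repo_target(url) if url else None
            if target is not None and target != want:
                problems.append((section, key, target))
    return problems

if __name__ == "__main__":
    for section, key, target in mismatched_sections(SAMPLE_REPO):
        print(f"[{section}] {key} -> {target!r}")
```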

downneck
Posts: 1
Joined: 2016/02/18 15:21:26

Re: CVE-2015-7547 glibc fix

Post by downneck » 2016/02/18 15:30:08

Why on earth is this not tagged as a security update?


$ sudo yum clean all
Loaded plugins: fastestmirror, security
Cleaning repos: base epel extras mariadb percona rsyslog_v8 updates
Cleaning up Everything

$ sudo yum update --security -y
Loaded plugins: fastestmirror, security
Setting up Update Process
Determining fastest mirrors
epel/metalink                                                                                                    |  11 kB     00:00     
 * epel: mirror.oss.ou.edu
base                                                                                                             | 3.7 kB     00:00     
base/primary_db                                                                                                  | 4.6 MB     00:00     
epel                                                                                                             | 4.3 kB     00:00     
epel/primary_db                                                                                                  | 5.8 MB     00:00     
extras                                                                                                           | 3.4 kB     00:00     
extras/primary_db                                                                                                |  34 kB     00:00     
mariadb                                                                                                          | 2.9 kB     00:00     
mariadb/primary_db                                                                                               |  22 kB     00:00     
percona                                                                                                          | 2.5 kB     00:00     
percona/primary_db                                                                                               | 408 kB     00:00     
rsyslog_v8                                                                                                       | 2.5 kB     00:00     
rsyslog_v8/primary_db                                                                                            | 198 kB     00:04     
updates                                                                                                          | 3.4 kB     00:00     
updates/primary_db                                                                                               | 3.9 MB     00:00     
Resolving Dependencies
Limiting packages to security relevant ones
epel/updateinfo                                                                                                  | 727 kB     00:00     
No packages needed for security; 219 packages available


$ sudo rpm -qa|grep glibc-2.12-1
glibc-2.12-1.149.el6_6.5.x86_64
DAFUQ?!?!


$ sudo yum update -y glibc
Loaded plugins: fastestmirror, security
Setting up Update Process
Loading mirror speeds from cached hostfile
 * epel: mirror.oss.ou.edu
Resolving Dependencies
--> Running transaction check
---> Package glibc.x86_64 0:2.12-1.149.el6_6.5 will be updated
--> Processing Dependency: glibc = 2.12-1.149.el6_6.5 for package: nscd-2.12-1.149.el6_6.5.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6_6.5 for package: glibc-common-2.12-1.149.el6_6.5.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6_6.5 for package: glibc-headers-2.12-1.149.el6_6.5.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6_6.5 for package: glibc-devel-2.12-1.149.el6_6.5.x86_64
---> Package glibc.x86_64 0:2.12-1.166.el6_7.7 will be an update
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.149.el6_6.5 will be updated
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.7 will be an update
---> Package glibc-devel.x86_64 0:2.12-1.149.el6_6.5 will be updated
---> Package glibc-devel.x86_64 0:2.12-1.166.el6_7.7 will be an update
---> Package glibc-headers.x86_64 0:2.12-1.149.el6_6.5 will be updated
---> Package glibc-headers.x86_64 0:2.12-1.166.el6_7.7 will be an update
---> Package nscd.x86_64 0:2.12-1.149.el6_6.5 will be updated
---> Package nscd.x86_64 0:2.12-1.166.el6_7.7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================
 Package                           Arch                       Version                                 Repository                   Size
========================================================================================================================================
Updating:
 glibc                             x86_64                     2.12-1.166.el6_7.7                      updates                     3.8 M
Updating for dependencies:
 glibc-common                      x86_64                     2.12-1.166.el6_7.7                      updates                      14 M
 glibc-devel                       x86_64                     2.12-1.166.el6_7.7                      updates                     986 k
 glibc-headers                     x86_64                     2.12-1.166.el6_7.7                      updates                     615 k
 nscd                              x86_64                     2.12-1.166.el6_7.7                      updates                     227 k

Transaction Summary
========================================================================================================================================
Upgrade       5 Package(s)

Total download size: 20 M
Downloading Packages:
(1/5): glibc-2.12-1.166.el6_7.7.x86_64.rpm                                                                       | 3.8 MB     00:00     
(2/5): glibc-common-2.12-1.166.el6_7.7.x86_64.rpm                                                                |  14 MB     00:00     
(3/5): glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm                                                                 | 986 kB     00:00     
(4/5): glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm                                                               | 615 kB     00:00     
(5/5): nscd-2.12-1.166.el6_7.7.x86_64.rpm                                                                        | 227 kB     00:00     
----------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                    20 MB/s |  20 MB     00:01     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : glibc-common-2.12-1.166.el6_7.7.x86_64                                                                              1/10 
  Updating   : glibc-2.12-1.166.el6_7.7.x86_64                                                                                     2/10 
  Updating   : glibc-headers-2.12-1.166.el6_7.7.x86_64                                                                             3/10 
  Updating   : glibc-devel-2.12-1.166.el6_7.7.x86_64                                                                               4/10 
  Updating   : nscd-2.12-1.166.el6_7.7.x86_64                                                                                      5/10 
  Cleanup    : glibc-devel-2.12-1.149.el6_6.5.x86_64                                                                               6/10 
  Cleanup    : glibc-headers-2.12-1.149.el6_6.5.x86_64                                                                             7/10 
  Cleanup    : nscd-2.12-1.149.el6_6.5.x86_64                                                                                      8/10 
  Cleanup    : glibc-common-2.12-1.149.el6_6.5.x86_64                                                                              9/10 
  Cleanup    : glibc-2.12-1.149.el6_6.5.x86_64                                                                                    10/10 
  Verifying  : glibc-headers-2.12-1.166.el6_7.7.x86_64                                                                             1/10 
  Verifying  : nscd-2.12-1.166.el6_7.7.x86_64                                                                                      2/10 
  Verifying  : glibc-2.12-1.166.el6_7.7.x86_64                                                                                     3/10 
  Verifying  : glibc-common-2.12-1.166.el6_7.7.x86_64                                                                              4/10 
  Verifying  : glibc-devel-2.12-1.166.el6_7.7.x86_64                                                                               5/10 
  Verifying  : nscd-2.12-1.149.el6_6.5.x86_64                                                                                      6/10 
  Verifying  : glibc-common-2.12-1.149.el6_6.5.x86_64                                                                              7/10 
  Verifying  : glibc-devel-2.12-1.149.el6_6.5.x86_64                                                                               8/10 
  Verifying  : glibc-headers-2.12-1.149.el6_6.5.x86_64                                                                             9/10 
  Verifying  : glibc-2.12-1.149.el6_6.5.x86_64                                                                                    10/10 

Updated:
  glibc.x86_64 0:2.12-1.166.el6_7.7                                                                                                     

Dependency Updated:
  glibc-common.x86_64 0:2.12-1.166.el6_7.7     glibc-devel.x86_64 0:2.12-1.166.el6_7.7     glibc-headers.x86_64 0:2.12-1.166.el6_7.7    
  nscd.x86_64 0:2.12-1.166.el6_7.7            

Complete!
bruh.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2015-7547 glibc fix

Post by TrevorH » 2016/02/18 15:55:12

The CentOS yum repos do not contain the necessary metadata for yum-plugin-security to function. There are no CentOS updates that are marked as 'security'.
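
An added example, not part of the post above: yum-plugin-security reads errata from the updateinfo entry in each repository's repomd.xml, so a repo without that entry is invisible to --security. The repomd.xml documents below are constructed to mirror the transcript, where only epel/updateinfo was fetched; the function names are illustrative.

```python
import xml.etree.ElementTree as ET

NS = {"r": "http://linux.duke.edu/metadata/repo"}  # repomd.xml namespace

def _repomd(*types):
    """Build a minimal constructed repomd.xml listing the given metadata types."""
    data = "".join(
        f'<data type="{t}"><location href="repodata/{t}.xml.gz"/></data>' for t in types
    )
    return f'<repomd xmlns="{NS["r"]}">{data}</repomd>'

# Constructed samples: only epel advertises updateinfo, as in the yum output above.
SAMPLES = {
    "base": _repomd("primary", "filelists", "other", "primary_db"),
    "updates": _repomd("primary", "filelists", "other", "primary_db"),
    "epel": _repomd("primary", "filelists", "other", "primary_db", "updateinfo"),
}

def metadata_types(repomd_xml):
    """Return the set of <data type="..."> values a repomd.xml declares."""
    root = ET.fromstring(repomd_xml)
    return {d.get("type") for d in root.findall("r:data", NS)}

def security_filter_coverage(repomds):
    """Map repo id -> True if it publishes updateinfo, so --security can see it."""
    return {repo: "updateinfo" in metadata_types(x) for repo, x in repomds.items()}

def blind_repos(repomds):
    """Repos whose updates 'yum update --security' will silently skip."""
    return sorted(r for r, ok in security_filter_coverage(repomds).items() if not ok)

if __name__ == "__main__":
    print("no errata metadata:", ", ".join(blind_repos(SAMPLES)))
```

With repos like these, "No packages needed for security" only describes the repos that publish updateinfo; it says nothing about base or updates.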

adamdevweb
Posts: 1
Joined: 2016/02/19 08:40:42

Re: CVE-2015-7547 glibc fix

Post by adamdevweb » 2016/02/19 08:52:08

Hi, I just updated my CentOS 6.5. The update was not showing in the update list, so I've done

yum update -y glibc

and that's it.

Hope it helps.
Cheers

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2015-7547 glibc fix

Post by avij » 2016/02/19 09:08:25

If yum update glibc works, plain yum update without any other parameters should work as well. If it does not, you may have some conflicting repositories set up, preventing the update.

Note that with the default configuration yum update will also update you to CentOS 6.7, which is the supported version at the moment. If you are running CentOS 6.5, you are missing quite a few other important updates.

genesteinberg
Posts: 3
Joined: 2016/02/22 20:02:04

Re: CVE-2015-7547 glibc fix

Post by genesteinberg » 2016/02/22 20:03:48

Does this problem impact CentOS 7 users?

If so, what version of glibc should I be using?

Peace,
Gene

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2015-7547 glibc fix

Post by TrevorH » 2016/02/22 20:53:10

Yes, this affects CentOS 7 too and the fixed version is glibc-2.17-106.el7_2.4.x86_64

genesteinberg
Posts: 3
Joined: 2016/02/22 20:02:04

Re: CVE-2015-7547 glibc fix

Post by genesteinberg » 2016/02/22 21:29:51

So this is the good one then?

ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

Peace,
Gene

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2015-7547 glibc fix

Post by TrevorH » 2016/02/22 21:32:40

Use rpm -q glibc to check your version.
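
An added example, not part of the thread: classifying `rpm -q glibc` output against the two builds named above (2.12-1.166.el6_7.7 from the yum transcript, 2.17-106.el7_2.4 from TrevorH's reply). The comparison is a simplified form of RPM's segment ordering (no epoch, tilde or caret handling), and FIXED, rpmvercmp and check are names chosen here.

```python
import re

# Fixed builds as they appear in this thread, keyed by dist tag.
FIXED = {"el6": "2.12-1.166.el6_7.7", "el7": "2.17-106.el7_2.4"}

def rpmvercmp(a, b):
    """Simplified RPM ordering: compare runs of digits numerically, letters lexically."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts above letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments sort newer

def check(line):
    """Classify one line of `rpm -q glibc` output as patched, vulnerable or unknown."""
    m = re.match(r"glibc-([^-]+)-(.+)\.([^.]+)$", line.strip())
    if not m:
        return "unknown"  # e.g. ldd output, which carries no release field
    ver, rel = m.group(1), m.group(2)
    dist = re.search(r"\.(el\d+)", rel)
    fixed = FIXED.get(dist.group(1)) if dist else None
    if fixed is None:
        return "unknown"
    fver, frel = fixed.split("-", 1)
    cmp = rpmvercmp(ver, fver) or rpmvercmp(rel, frel)
    return "patched" if cmp >= 0 else "vulnerable"

if __name__ == "__main__":
    # Constructed inventory: two lines taken from the thread, one from ldd --version.
    for line in ("glibc-2.12-1.149.el6_6.5.x86_64",
                 "glibc-2.17-106.el7_2.4.x86_64",
                 "ldd (GNU libc) 2.17"):
        print(f"{line:40} {check(line)}")
```

The ldd banner reports only the upstream version, which is the same before and after the fix. Processes started before the update keep the old library mapped until they are restarted.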
