
Patching glibc CVE-2015-7547 Vulnerability

A vulnerability has been announced that affects glibc 2.9 through 2.22 (fixed upstream in 2.23) on every Linux distribution shipping those versions. It is a stack-based buffer overflow in the getaddrinfo() function, the resolver routine most programs use to turn host names into addresses. A remote attacker who can make a vulnerable host look up a name they control can trigger it with crafted, oversized DNS responses, either by running the DNS server for that name or by intercepting DNS traffic in a man-in-the-middle position.

CVE-2015-7547 has been outlined here (debian.org), here (redhat.com) and on the Google Online Security Blog.

First, find out what version of glibc you have.

$ ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

If ldd reports 2.9 or later, patch the server as soon as possible if you haven't already. Note that ldd shows only the upstream version: distributions backport the fix, so a patched CentOS 7 still reports 2.17, and only the package release string tells you whether the fix is in. To see the exact package version on CentOS run this command.

  rpm -qa glibc

This is the list of patched package versions (the listed build or any later one contains the fix):

+ Debian stable (jessie): 2.19-18+deb8u3
+ Debian unstable (sid): 2.21-8
+ CentOS 7: glibc-2.17-106.el7_2.4.x86_64
+ CentOS 6: glibc-2.12-1.166.el6_7.7.x86_64 or glibc-2.12-1.166.el6_7.7.i686
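A small shell helper, added here as an example (it is not part of the original article), that applies the comparison above: given a distribution name and the installed glibc package version it reports whether the package is at or past the fixed build. The fixed version strings are the ones listed above; the function names, the sample version strings and the use of sort -V for version ordering are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: decide whether an installed
# glibc package is at or past the fixed build for CVE-2015-7547 on the
# distributions the article lists. Fixed version strings come from the
# article; function names and sample inputs are constructed here.

# version_ge A B -> exit 0 if A >= B in natural (version) sort order.
# Caveat: sort -V approximates dpkg/rpm ordering (it knows nothing about
# epochs or Debian's '~' rule); it is adequate for the release strings here.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# fixed_version DISTRO -> print the first fixed package version, else fail.
fixed_version() {
    case "$1" in
        debian8|jessie) echo "2.19-18+deb8u3" ;;
        centos7)        echo "2.17-106.el7_2.4" ;;
        centos6)        echo "2.12-1.166.el6_7.7" ;;
        *)              return 1 ;;
    esac
}

# glibc_status DISTRO INSTALLED -> prints one of:
#   not-affected  glibc older than 2.9, before the bug was introduced
#   fixed         installed >= first fixed build for that distro
#   vulnerable    installed < first fixed build
#   unknown       no fixed version on record for DISTRO
glibc_status() {
    distro="$1"; installed="$2"
    upstream="${installed%%-*}"   # drop the packaging release: 2.17-106... -> 2.17
    if ! version_ge "$upstream" "2.9"; then
        echo not-affected; return 0
    fi
    fixed="$(fixed_version "$distro")" || { echo unknown; return 0; }
    if version_ge "$installed" "$fixed"; then echo fixed; else echo vulnerable; fi
}

# installed_glibc -> print this host's installed glibc package version using
# whichever package manager is present (prints nothing if neither exists).
installed_glibc() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' libc6
    fi
}

# On a real host:  glibc_status centos7 "$(installed_glibc)"
# Constructed demonstration values:
glibc_status centos7 2.17-105.el7_2.1      # vulnerable
glibc_status centos7 2.17-106.el7_2.4      # fixed
glibc_status debian8 2.19-18               # vulnerable
glibc_status debian8 2.19-18+deb8u3        # fixed
glibc_status centos5 2.5-123.el5_11.3      # not-affected
```

The split on the first "-" works because both RPM and Debian package versions put the upstream version before the packaging release; strings with a Debian epoch ("1:2.19-...") would need the epoch stripped first. Ubuntu is left out because the article does not list its fixed versions.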

Debian and Ubuntu

On Debian and Ubuntu, follow these steps.

  sudo apt-get update
  sudo apt-get upgrade
  sudo reboot

The reboot matters: every running process that loaded the old libc keeps using it until restarted, so updating the package alone does not close the hole. After it reboots, check the glibc version again to confirm that it is now the patched version.

On a patched jessie system the package release shown in parentheses is 2.19-18+deb8u3 or later; the bare upstream number (2.19) does not change:

$ ldd --version
ldd (Debian GLIBC 2.19-18+deb8u3) 2.19
Copyright (C) 2014 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

CentOS

On CentOS 6 or 7, follow these steps.

  sudo yum -y makecache fast
  sudo yum clean all
  sudo yum -y update glibc
  sudo reboot

After it reboots, check the glibc version again to confirm that it is now the patched version.

  rpm -qa glibc

On CentOS 7 it should show this build or a later one (on CentOS 6, glibc-2.12-1.166.el6_7.7 or later):

  glibc-2.17-106.el7_2.4.x86_64

How do I know if I have CentOS 6 or 7?

Run this command:

  cat /etc/centos-release

You should get a response like this:

  CentOS release 6.5 (Final)

or this:

  CentOS Linux release 7.1.1503 (Core)

How do I know which version of Debian I have?

Run this command:

  cat /etc/debian_version

You should get a response like this:

  8.0

or this:

  7.9

Run this command for more specific information:

  lsb_release -da

Your output will be similar to this:

$ lsb_release -da
No LSB modules are available.
Distributor ID:    Debian
Description:       Debian GNU/Linux 8.0 (jessie)
Release:           8.0
Codename:          jessie

Posted on 19 Feb 2016
