lunes, 29 de febrero de 2016

CVE-2015-3456 and CVE-2015-7547 for Redhat and upstream

This are the steps to create a cluster with the patch of CVE-2015-3456 

Redhat CVECVE-2015-3456
Bugzilla: 1218611
Last Closed: 2015-05-27 09:34:15 EDT
Released in package: I couldn't determine that


Redhat CVECVE-2015-7547
Bugzilla: 1293532
Last Closed: 2016-02-16 11:58:28 EST
Released in package: RHSA-2016-0175 glibc-2.12-1.166.el6_7.7.src.rpm


1.
The patch can be found at 2.23 release from: http://www.gnu.org/software/libc/libc.html with date 2016-02-19

But actually Red Hat has not created a 2.23 ( CVE-2015-7547) package, instead it has patched 2.12 to glibc-2.12-1.166.el6_7.7.src.rpm. This can be confirmed in: https://rhn.redhat.com/errata/RHSA-2016-0175.html


2. Install package 166 on each node:
This is what is installed in my system:
The easy way is to query your Red Hat system and see if package 166 is available:
[root@glibc-5 ~]# rpm -qa | grep glibc
glibc-2.12-1.132.el6.i686
glibc-devel-2.12-1.132.el6.x86_64
glibc-common-2.12-1.132.el6.x86_64
glibc-headers-2.12-1.132.el6.x86_64
glibc-2.12-1.132.el6.x86_64
This is what can be installed:
[root@glibc-5 ~]# yum list glibc
Loaded plugins: amazon-id, rhui-lb, security
rightscale-epel | 2.9 kB 00:00 
Installed Packages
glibc.i686 2.12-1.132.el6 @rhui-us-west-1-rhel-server-releases
glibc.x86_64 2.12-1.132.el6 @rhui-us-west-1-rhel-server-releases
Available Packages
glibc.i686 2.12-1.166.el6_7.7 rhui-REGION-rhel-server-releases 
glibc.x86_64 2.12-1.166.el6_7.7 rhui-REGION-rhel-server-releases 
[root@glibc-5 ~]#

There it is... 166 package that has the patch. Install it on each node:
[root@glibc-5 ~]# yum install glibc


3. Make sure that current installed libgc is 166 on each node
 
[root@glibc-1 ~]# rpm -qa | grep glibc
glibc-devel-2.12-1.166.el6_7.7.x86_64
glibc-common-2.12-1.166.el6_7.7.x86_64
glibc-headers-2.12-1.166.el6_7.7.x86_64
glibc-2.12-1.166.el6_7.7.x86_64
glibc-2.12-1.166.el6_7.7.i686
[root@glibc-1 ~]#

Enjoy!
P.S. Denmark is the country having the first official flag

No hay comentarios:

Publicar un comentario