These are the steps to create a cluster with the patch for CVE-2015-3456
Red Hat CVE: CVE-2015-3456
Bugzilla: 1218611
Last Closed: 2015-05-27 09:34:15 EDT
Released in package: I couldn't determine that
Red Hat CVE: CVE-2015-7547
Bugzilla: 1293532
Last Closed: 2016-02-16 11:58:28 EST
Released in package: RHSA-2016-0175 glibc-2.12-1.166.el6_7.7.src.rpm
1. As stated on: https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html?m=1
The patch is available at:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
The patch is included in the 2.23 release, dated 2016-02-19, available from: http://www.gnu.org/software/libc/libc.html
However, Red Hat has not created a 2.23 package for CVE-2015-7547; instead it has patched 2.12, producing glibc-2.12-1.166.el6_7.7.src.rpm. This can be confirmed at: https://rhn.redhat.com/errata/RHSA-2016-0175.html
There is more information about it on:
https://access.redhat.com/articles/1444903
https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
http://venom.crowdstrike.com/
http://xenbits.xen.org/xsa/advisory-133.html
etc.
2. Install package 166 on each node:
The easy way is to query your Red Hat system and see if package 166 is available.
This is what is installed on my system:

    [root@glibc-5 ~]# rpm -qa | grep glibc
    glibc-2.12-1.132.el6.i686
    glibc-devel-2.12-1.132.el6.x86_64
    glibc-common-2.12-1.132.el6.x86_64
    glibc-headers-2.12-1.132.el6.x86_64
    glibc-2.12-1.132.el6.x86_64

This is what can be installed:

    [root@glibc-5 ~]# yum list glibc
    Loaded plugins: amazon-id, rhui-lb, security
    rightscale-epel                                      | 2.9 kB     00:00
    Installed Packages
    glibc.i686      2.12-1.132.el6        @rhui-us-west-1-rhel-server-releases
    glibc.x86_64    2.12-1.132.el6        @rhui-us-west-1-rhel-server-releases
    Available Packages
    glibc.i686      2.12-1.166.el6_7.7    rhui-REGION-rhel-server-releases
    glibc.x86_64    2.12-1.166.el6_7.7    rhui-REGION-rhel-server-releases
    [root@glibc-5 ~]#

There it is: the 166 package, which has the patch. Install it on each node:

    [root@glibc-5 ~]# yum install glibc

3. Make sure that the currently installed glibc is 166 on each node:

    [root@glibc-1 ~]# rpm -qa | grep glibc
    glibc-devel-2.12-1.166.el6_7.7.x86_64
    glibc-common-2.12-1.166.el6_7.7.x86_64
    glibc-headers-2.12-1.166.el6_7.7.x86_64
    glibc-2.12-1.166.el6_7.7.x86_64
    glibc-2.12-1.166.el6_7.7.i686
    [root@glibc-1 ~]#

Enjoy!
P.S. Denmark is the country having the first official flag
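
The check in step 3 as a script, added here as an example and not part of the original post: it reads `rpm -qa` output and lists every glibc package still below the fixed build glibc-2.12-1.166.el6_7.7, which also catches a node where only one architecture was updated. The function names and the sample listing are constructed for illustration, and `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed build named on this page (RHSA-2016-0175, RHEL 6).
FIXED_VR="2.12-1.166.el6_7.7"

# vr_lt A B: succeeds when version-release A sorts strictly before B.
# Assumption: `sort -V` stands in for rpm's own version comparison, which is
# adequate for builds from the same el6 glibc stream.
vr_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_glibc: reads `rpm -qa` lines (name-version-release.arch) on stdin
# and prints each glibc package older than FIXED_VR.
# Returns 0 = all patched, 1 = at least one old package, 2 = no glibc seen.
unpatched_glibc() {
    ug_seen=0 ug_bad=0
    while IFS= read -r ug_line; do
        ug_nvr=${ug_line%.*}        # drop ".arch"
        ug_name=${ug_nvr%-*-*}      # drop "-version-release"
        case "$ug_name" in glibc|glibc-*) ;; *) continue ;; esac
        ug_vr=${ug_nvr#"$ug_name"-}
        ug_seen=1
        if vr_lt "$ug_vr" "$FIXED_VR"; then
            echo "$ug_line"
            ug_bad=1
        fi
    done
    [ "$ug_seen" -eq 1 ] || return 2
    [ "$ug_bad" -eq 0 ]
}

# Constructed sample listing: x86_64 packages updated, i686 library left at
# the old build (a mid-upgrade state a plain "grep 166" can miss).
sample_mixed() {
    cat <<'EOF'
glibc-2.12-1.132.el6.i686
glibc-common-2.12-1.166.el6_7.7.x86_64
glibc-2.12-1.166.el6_7.7.x86_64
bash-4.1.2-33.el6.x86_64
EOF
}

# Stand-alone demo on the constructed listing.
sample_mixed | unpatched_glibc || echo "unpatched glibc packages found (status $?)"
```

On a node, feed it the real listing with `rpm -qa | unpatched_glibc`. Processes started before the update keep the old library mapped until they are restarted or the node is rebooted.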