Welcome to Centmin Mod Community
Become a Member

Security CVE-2015-0235 glibc heap-based buffer overflow (Ghost Vulnerability)

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jan 28, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    54,352
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Redhat/CentOS 6 & CentOS 7 updated glibc pack for CVE-2015-0235. More info about The GHOST Vulnerability posted on Qualys.com Blog and here.

    Red Hat Customer Portal

    For RHEL 6 and CentOS 6 updated fixed glibc package versions are:


    Code:
    glibc-2.12-1.149.el6_6.5.i686.rpm       MD5: e74d0c2d56b3edcf9c62302739f7a66f
    SHA-256: af768fab88e794d09642bbc56e3d074fb0727b8cb947ea8e5da1719379d85890
    glibc-2.12-1.149.el6_6.5.x86_64.rpm       MD5: 121ec8029f654e1f6139d396fe5a2aa5
    SHA-256: 214b6c3489f2a1cba2900951cfcc0304cfe945b68fd240f6e9dfc89efe0d9944
    glibc-common-2.12-1.149.el6_6.5.x86_64.rpm       MD5: e713d921cbef40a3c82892bc491821a8
    SHA-256: 841933e08d0953a28ace0ec2b85cd684efbedc5d70e4111ce34b47a2fbf552d3
    glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm       MD5: 7d6f3f7a2c1e335f0cfb392a2d74120d
    SHA-256: de9d1d999ca2003b51d37cabe0a9aa15dadd1c208b6bdeb13078dd871fd0ea8c
    glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm       MD5: ad2faceb5658d9e489e8c003c820de0f
    SHA-256: 8c38310178ce0f91d0efca47124deed7e70874beecb470b77ac3260b70b67b60
    glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm       MD5: 38eec535262171d3cbe412cbcf157de1
    SHA-256: 86e3eced3edaae6a5b89bf760a6faa1918cd8d3c14c8262ba0deb27ee45a4285
    glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm       MD5: cfc5be0b86bb319c9f2422f52e2524a9
    SHA-256: a7ba140533870f48e304320565e1b00c9e8c46a74297ee2f5611fb7bfebda4ad
    glibc-devel-2.12-1.149.el6_6.5.i686.rpm       MD5: a24ed6eb326fdbb63d1661e30d6f6ca1
    SHA-256: 4ccafadc01edb36d5a6154b13355abff08a07f996f1bf8773eb2feba5947289a
    glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm       MD5: 7ca63d098f690e0cfea29b73106977d9
    SHA-256: 145f02f2e3e93ff40c46c167313a468be2772d1db8e1a4c5e92d17945bb22289
    glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm       MD5: 02b8367823348d05d73f000e157d0e03
    SHA-256: 5ebd34d1f58b7bbdf44d02400209033367657cb340160a5b1f895f5f00200b57
    glibc-static-2.12-1.149.el6_6.5.i686.rpm       MD5: e69a51f37fd6b52c660e6edb574dfa8f
    SHA-256: e0b488a8d3d5baa88a542600ff038935356577195ea33156d4e78d458a1a2183
    glibc-static-2.12-1.149.el6_6.5.x86_64.rpm       MD5: f86c29cd612b1a5a3c1673fd51275499
    SHA-256: a9baa29d247e1e1bf0f3497f422c6343a96984110938c558529d040b72614912
    glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm       MD5: 0e6d0c284e880f8378489feb9fba4288
    SHA-256: 2b03ad7fe2caa4d3d81eb96aeda5b8b376ce3a1ffefa0b6b803a2360c3e94cd9
    nscd-2.12-1.149.el6_6.5.x86_64.rpm       MD5: df196077209cd6c81c741fe7716faa98
    SHA-256: b473222b3502362312d03924e49f749d096c388113a6e8735fc2c90de72f7ff6
    
    For RHEL 7 and CentOS 7 updated fixed glibc package versions are:
    Code:
    glibc-2.17-55.el7_0.5.i686.rpm        MD5: 50cb3a7edeac20da23a340f60dabc117
    SHA-256: 89ba64df59ec13340d6480a3156563bc9e81e0e0716ea094a22d8416d0f6de6a
    glibc-2.17-55.el7_0.5.x86_64.rpm        MD5: 0df69456ceea6fa0e30120517b72ec1b
    SHA-256: 9731396c575207f942bb155cd5be1680063f6cc7bbb90463938bc0f6c69184af
    glibc-common-2.17-55.el7_0.5.x86_64.rpm        MD5: cca9e4a3e61e17b2ddce7224c3fbfe5a
    SHA-256: 6f85ada7bc124261422d8a6c64d662dcd28da881b11942311dd1e1b11c02bea0
    glibc-debuginfo-2.17-55.el7_0.5.i686.rpm        MD5: 17186aab8becaab2b2ff5d31a444620b
    SHA-256: 725d2b970d32d339088befd24e671c550651a6070af8ff89009e5ac2d398741b
    glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm        MD5: 5a1fe741cc5656ca2e4aaeb56bc91da4
    SHA-256: 65828c9111de42b5d549b75455ae0ee6c3779b348def6d625fdacfb267cad6a5
    glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm        MD5: 60670517858aa595d0208328252af9af
    SHA-256: 6358a70096147f22b9c711c8522c7e95afa1f03e2e1617b0a070eb747f81548c
    glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm        MD5: c45aca3233000725126bac39067936ff
    SHA-256: 14fa2f09647a50b57ab29bafa2d8a572d4067c44c11ce9f10e2a50f2574f1666
    glibc-devel-2.17-55.el7_0.5.i686.rpm        MD5: 2af68f3e999e988c17dcc178b4f1da07
    SHA-256: 93702d3d7e0b65b47a405c9cdaa2cb36278529bda4c2b13fdb13d65f6dbc247a
    glibc-devel-2.17-55.el7_0.5.x86_64.rpm        MD5: e4f975fdd55395bc41bf105bc464575b
    SHA-256: 33af0ac91c957dae1aba0df4bb580e59630d87bd17ad44186bbcfcb534ed9c8e
    glibc-headers-2.17-55.el7_0.5.x86_64.rpm        MD5: 699f53aa24ec79fe7faa5a78384c9a23
    SHA-256: 0ff7930b40108f75a31b16f94bdd87318eece08b314c1d167cba58b758557cfc
    glibc-static-2.17-55.el7_0.5.i686.rpm        MD5: 1a3bb7ff8839b424e687057aa8b36d18
    SHA-256: a5430229bea8ff3e49597a5eba81f695493599b3075604a9e76c0a5709f7da0e
    glibc-static-2.17-55.el7_0.5.x86_64.rpm        MD5: 79ba5946ac96f7b998121a73ca854928
    SHA-256: d4a91c47bcb3929d117116571b011b7695470fe16ff2ad62cda1565f8bed0402
    glibc-utils-2.17-55.el7_0.5.x86_64.rpm        MD5: 96d1bdd59b36540e29b0d2a904fa502e
    SHA-256: dd8b598e77ccb21a7d9db60fa716f7fd9fb9f8fec1e05579aea8abeb2757b405
    nscd-2.17-55.el7_0.5.x86_64.rpm        MD5: fddbf751cf969eeecf21cc7c9c308a53
    SHA-256: 3ebc74683d2d9ba2af530ae088833939f9082b15a3cd01b03756d5846bca4265
    Confirming fixes in installed glibc versions' change logs

    For CentOS 6
    Code:
    rpm -qa --changelog glibc | head -n2
    * Mon Jan 19 2015 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.12-1.149.5
    - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).
    For CentOS 7
    Code:
    rpm -qa --changelog glibc | head -n5
    * Mon Jan 19 2015 Carlos O'Donell <codonell@redhat.com> - 2.17-55.5
    - Rebuild and run regression testing.
    
    * Mon Jan 19 2015 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.17-55.4
    - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183535).
    
     
    Last edited: Jan 28, 2015
  2. eva2000

    eva2000 Administrator Staff Member

    54,352
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    FYI, if you use yum-cron you would eventually also get automatic updates for yum Automatic nightly YUM updates with yum-cron | Centmin Mod Community :)

    otherwise manual update via command

    Code:
    yum clean all
    yum list updates
    yum -y update
    Update: you may also need to restart services which rely on libc or reboot server

    one liner command to find which services use libc and restart them

    Code:
    for s in $(lsof +c 15 | grep libc | awk '{print $1}' | sort | uniq); do if [[ -f "/etc/init.d/$s" && "$(ps aufx | grep -v grep | grep $s)" ]]; then echo $s; service $s restart; fi; done
    Centmin Mod LEMP server output for command
    Code:
    for s in $(lsof +c 15 | grep libc | awk '{print $1}' | sort | uniq); do if [[ -f "/etc/init.d/$s" && "$(ps aufx | grep -v grep | grep $s)" ]]; then echo $s; service $s restart; fi; done
    
    auditd
    Stopping auditd:                                           [  OK  ]
    Starting auditd:                                           [  OK  ]
    crond
    Stopping crond:                                            [  OK  ]
    Starting crond:                                            [  OK  ]
    haveged
    Stopping haveged:                                          [  OK  ]
    Starting haveged:                                          [  OK  ]
    lfd
    Stopping lfd:                                              [  OK  ]
    Starting lfd:                                              [  OK  ]
    memcached
    Memcached server stopped
    Memcached server started
    nginx
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    Stopping nginx:                                            [  OK  ]
    Starting nginx:                                            [  OK  ]
    ntpd
    Shutting down ntpd:                                        [  OK  ]
    Starting ntpd:                                             [  OK  ]
    php-fpm
    Gracefully shutting down php-fpm . done
    Starting php-fpm  done
    sshd
    Stopping sshd:                                             [  OK  ]
    Starting sshd:                                             [  OK  ]
    supervisord
    Stopping supervisord:                                      [  OK  ]
    Starting supervisord:                                      [  OK  ]
    
    hmm since yum-cron is just a shell script could come up with a 2nd copy for glibc like updates that also add a service check/restart function to it ?
     
    Last edited: Jan 29, 2015
  3. eva2000

    eva2000 Administrator Staff Member

    54,352
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    more info at Critical glibc update (CVE-2015-0235) in gethostbyname() calls

     
  4. deltahf

    deltahf Premium Member Premium Member

    586
    264
    63
    Jun 8, 2014
    Ratings:
    +487
    Local Time:
    1:20 PM
    It's times like these when I really appreciate having an expert like yourself to help stay on top of things, and to help me know that I've done everything necessary to stay secure.

    Thanks again for all you do, @eva2000!
     
  5. eva2000

    eva2000 Administrator Staff Member

    54,352
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  6. eva2000

    eva2000 Administrator Staff Member

    54,352
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  7. mgaidia

    mgaidia New Member

    23
    11
    3
    Dec 4, 2014
    Austria
    Ratings:
    +12
    Local Time:
    7:20 PM
    1.7.9
    5.5.41
    A very small modification to the one liner, lsof by default returns 9 characters which might not be enough is some situation, use +c 15 option to make it return he maximum possible 15 characters.

    for s in $(lsof +c 15| grep libc | awk '{print $1}' | sort | uniq); do if [[ -f "/etc/init.d/$s" && "$(ps aufx | grep -v grep | grep $s)" ]]; then echo $s; service $s restart; fi; done
     
  8. eva2000

    eva2000 Administrator Staff Member

    54,352
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    nice catch there ! updating 1st post :)
     
  9. Misters89

    Misters89 New Member

    7
    0
    1
    Dec 26, 2014
    Ratings:
    +0
    Local Time:
    7:20 PM
    I want to update with yum but getting stuck on this error.

    Code:
    Error: Package: glibc-2.12-1.149.el6.i686 (@base)
    Requires: glibc-common = 2.12-1.149.el6
    Removing: glibc-common-2.12-1.149.el6.x86_64 (@base)
    glibc-common = 2.12-1.149.el6
    Updated By: glibc-common-2.12-1.149.el6_6.5.x86_64 (updates)
    glibc-common = 2.12-1.149.el6_6.5
    Available: glibc-common-2.12-1.149.el6_6.4.x86_64 (updates)
    glibc-common = 2.12-1.149.el6_6.4
    Its a clean vps with only centminmod installed (1.2.3-eva2000.07)
     
  10. mgaidia

    mgaidia New Member

    23
    11
    3
    Dec 4, 2014
    Austria
    Ratings:
    +12
    Local Time:
    7:20 PM
    1.7.9
    5.5.41
    yum update --disablerepo=updates
     
  11. eva2000

    eva2000 Administrator Staff Member

    54,352
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you have mixed x86_64 and i686 packages usually happens and is installed prior to Centmin Mod install by the OS image that is setup on the server when first setup.

    check if you server is 64bit x86_64 or 32bit i686 first

    Code:
    uname -m
    
    if x86_64 64bit then you can use command below to remove all 32bit packages

    Code:
    yum remove \*.i686
    Then run yum update

    Code:
    yum clean all
    yum -y update
     
  12. Misters89

    Misters89 New Member

    7
    0
    1
    Dec 26, 2014
    Ratings:
    +0
    Local Time:
    7:20 PM
    Thanks mate :) updating works fine now.
     
  13. Mak Adang

    Mak Adang Member

    62
    20
    8
    Jan 4, 2015
    Ratings:
    +23
    Local Time:
    1:20 AM
    1.9.0
    10.0.18-MariaDB
    Thanks, resolved my same problem too.