Security glibc vulnerability CVE-2015-7547

Discussion in 'CentOS, Redhat & Oracle Linux News' started by dorobo, Feb 17, 2016.

  1. dorobo

    dorobo Active Member

  2. eva2000

    eva2000 Administrator Staff Member

    ah explains why i got a yum update notice for this :)

    centos 6
    Code:
    rpm -qa --changelog glibc | head -n3
    * Thu Jan 28 2016 Carlos O'Donell <carlos@redhat.com> - 2.12-1.166.7
    - Update fix for CVE-2015-7547 (#1296028).
    centos 7
    Code:
    rpm -qa --changelog glibc | head -n9
    * Fri Feb 05 2016 Florian Weimer <fweimer@redhat.com> - 2.17-106.4
    - Revert problematic libresolv change, not needed for the
      CVE-2015-7547 fix (#1296030).
    
    * Fri Jan 15 2016 Carlos O'Donell <carlos@redhat.com> - 2.17-106.3
    - Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296030).
    - Fix madvise performance issues (#1298930).
    - Avoid "monstartup: out of memory" error on powerpc64le (#1298956).
    
     
    Last edited: Feb 17, 2016
  3. eva2000

    eva2000 Administrator Staff Member

    CVE-2015-7547 - Red Hat Customer Portal

     
  4. RoldanLT

    RoldanLT Well-Known Member

    Thanks!
     
  5. eva2000

    eva2000 Administrator Staff Member

  6. RoldanLT

    RoldanLT Well-Known Member

    And some that I work for don't want me to auto update MariaDB :D.
    They don't want even just a second of downtime without preparation or doing it at off-peak hours.
     
  7. eva2000

    eva2000 Administrator Staff Member

    Working on my own yum-cron script specific to Centmin Mod stack environments too https://community.centminmod.com/posts/24401/
     
  8. eva2000

    eva2000 Administrator Staff Member

    FYI, folks might need to reboot their servers after the glibc update due to services that use glibc, or at the very least restart services which use glibc.
    List of processes on a CentOS 7 install that use glibc for me:
    Code:
    lsof | awk '/libc-/ {print $2,$1,$4,$NF}' | uniq
    1 systemd mem /usr/lib64/libc-2.17.so
    100 dbus-daem mem directory)
    115 agetty mem directory)
    117 agetty mem directory)
    358 sshd mem directory)
    360 bash mem directory)
    657 systemd-u mem /usr/lib64/libc-2.17.so
    662 systemd-j mem /usr/lib64/libc-2.17.so
    1074 sshd mem /usr/lib64/libc-2.17.so
    1116 systemd-l mem /usr/lib64/libc-2.17.so
    3006 php-fpm mem /usr/lib64/libc-2.17.so
    3006 php-fpm mem /usr/lib64/libc-client.so.2007
    7500 master mem /usr/lib64/libc-2.17.so
    7502 qmgr mem /usr/lib64/libc-2.17.so
    10670 nsd mem /usr/lib64/libc-2.17.so
    10672 nsd mem /usr/lib64/libc-2.17.so
    10673 nsd mem /usr/lib64/libc-2.17.so
    10698 mysqld mem /usr/lib64/libc-2.17.so
    10698 mysqld mysql /usr/lib64/libc-2.17.so
    11965 bash mem /usr/lib64/libc-2.17.so
    12059 nginx mem /usr/lib64/libc-2.17.so
    12060 nginx mem /usr/lib64/libc-2.17.so
    12060 nginx nginx /usr/lib64/libc-2.17.so
    12061 nginx mem /usr/lib64/libc-2.17.so
    12061 nginx nginx /usr/lib64/libc-2.17.so
    12147 pickup mem /usr/lib64/libc-2.17.so
    12164 crond mem /usr/lib64/libc-2.17.so
    12243 lfd mem /usr/lib64/libc-2.17.so
    12334 lsof mem /usr/lib64/libc-2.17.so
    12335 awk mem /usr/lib64/libc-2.17.so
    12336 uniq mem /usr/lib64/libc-2.17.so
    12337 lsof mem /usr/lib64/libc-2.17.so
    12370 pure-ftpd mem /usr/lib64/libc-2.17.so
    12626 rsyslogd mem /usr/lib64/libc-2.17.so
    12626 in:imjour root /usr/lib64/libc-2.17.so
    12626 rs:main root /usr/lib64/libc-2.17.so
    21335 memcached mem /usr/lib64/libc-2.17.so
    21335 memcached nobody /usr/lib64/libc-2.17.so
    for centos 6.x services with init.d files
    Code:
    for s in $(lsof | awk '/libc-/ {print $1}' | uniq ); do if [ -f /etc/init.d/$s ]; then echo $s; fi; done
    nsd
    lfd
    php-fpm
    sshd
    ntpd
    haveged
    memcached
    nginx
    crond
    sshd
    Code:
    # Restart each init.d service that has libc mapped and is currently running
    for s in $(lsof | awk '/libc-/ {print $1}' | sort -u); do
      if [ -f "/etc/init.d/$s" ]; then
        ps aux | grep "$s" | grep -v grep >/dev/null; ON=$?
        if [[ "$ON" = '0' ]]; then
          echo "$s"
          echo "/etc/init.d/$s restart"
          "/etc/init.d/$s" restart
        fi
      fi
    done
    For CentOS 7: Critical glibc buffer overflow vulnerability in getaddrinfo() on Linux (CVE-2015-7547 & CVE-2015-5229)
    Code:
    systemctl daemon-reexec
     
    Last edited: Feb 18, 2016
  9. eva2000

    eva2000 Administrator Staff Member

    Media coverage
    guess more updates to come ?
    sheer luck ?
    for GHOST glibc Vulnerability Affects WordPress and PHP applications

    i get
    Code:
    php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' Segmentation fault
    PHP Warning:  gethostbyname(): Host name is too long, the limit is 255 characters in Command line code on line 1
    
    Code:
    php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);'                  
    PHP Warning:  gethostbyname(): Host name is too long, the limit is 255 characters in Command line code on line 1
     
    Last edited: Feb 18, 2016
  10. Xon

    Xon Active Member

  11. eva2000

    eva2000 Administrator Staff Member

    Yeah, that's why my Centmin Mod custom yumupdates.sh script I am working on (based off of yum-cron) will also detect glibc package updates (via querying the yum history info id of the last yum update made) and auto restart all services associated with libc-* AND that are actually services which are already running ONLY. Not 100% foolproof, but a stopgap measure until you can schedule a server reboot, i.e. when sleeping :D
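
The lsof-based checks in the posts above match every process that has any libc- file mapped. As an added example (not part of the thread or of the Centmin Mod scripts), the shell functions below narrow that to processes whose /proc/<pid>/maps still reference a libc that has been replaced on disk, which are the ones that need a restart after the update. The function names, the fixture tree and its PIDs are constructed for illustration, and a Linux /proc with a per-process comm file is assumed.

```shell
#!/usr/bin/env bash
# Added example: find processes still executing a glibc that was replaced on disk.

# Succeeds if /proc/<pid>/maps-format text on stdin contains a libc mapping
# whose backing file is gone. Field 6 is the path; the kernel appends
# "(deleted)" as the last field once the mapped file is unlinked or replaced.
has_stale_libc() {
    awk '$6 ~ /\/libc(-[0-9.]+)?\.so/ && $NF == "(deleted)" { stale = 1 }
         END { exit (stale ? 0 : 1) }'
}

# Print "PID COMMAND" for each process under the given proc root (default
# /proc) that still maps a replaced libc. Reading other users' maps needs root.
list_stale_libc_procs() {
    local root="${1:-/proc}" dir
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if has_stale_libc 2>/dev/null < "$dir/maps"; then
            printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null)"
        fi
    done
}

# Constructed sample data (not from the thread): a fake proc tree with one
# process on the replaced libc, one on the current libc, and one whose only
# deleted mapping is libc-client, which the looser /libc-/ match also catches.
make_fixture() {
    local root="$1" m='r-xp 00000000 fd:01'
    mkdir -p "$root/1074" "$root/12059" "$root/3006"
    echo sshd    > "$root/1074/comm"
    echo nginx   > "$root/12059/comm"
    echo php-fpm > "$root/3006/comm"
    echo "7f3a10000000-7f3a101b6000 $m 131589 /usr/lib64/libc-2.17.so (deleted)" > "$root/1074/maps"
    echo "7f9b20000000-7f9b201b6000 $m 140022 /usr/lib64/libc-2.17.so" > "$root/12059/maps"
    {
        echo "7f5c30000000-7f5c301b6000 $m 140022 /usr/lib64/libc-2.17.so"
        echo "7f5c31000000-7f5c31120000 $m 131777 /usr/lib64/libc-client.so.2007 (deleted)"
    } > "$root/3006/maps"
}

# Demo on the constructed tree; on a real host call list_stale_libc_procs
# as root with no argument.
fixture="$(mktemp -d)"
make_fixture "$fixture"
list_stale_libc_procs "$fixture"
rm -rf "$fixture"
```

An empty result after the glibc update and service restarts means no running process is still on the old library; PID 1 on CentOS 7 is handled by the `systemctl daemon-reexec` step already mentioned in the thread.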
     
  12. Matt

    Matt Moderator Staff Member

    I'm just going through and prepping everything for reboots overnight tonight. All the cPanel servers have already got the update from the nightly yum.cron they run.
     
  13. Matt

    Matt Moderator Staff Member

  14. eva2000

    eva2000 Administrator Staff Member

    Yup reboot is best when you can :)
     
  15. trxerz

    trxerz Member

  16. eva2000

    eva2000 Administrator Staff Member

    Check your spam and junk folders, as emails from root usually get trapped there. You can set up a filter rule for emails from root@yourhostname to not go to spam and label/filter them, etc.

    rpm changelog commands posted at Security - glibc vulnerability CVE-2015-7547 | Centmin Mod Community should verify if you have CVE-2015-7547 fixed