Updating for Vulnerability CVE-2015-7547

Find out details about red hat support for the Common Vulnerability. Learn it youself by following step by step tutorial.

Overview

The Google Security Team and Red Hat have discovered a flaw in the way that certain types of DNS lookups are handled on some Linux servers. By exploiting this critical vulnerability, an attacker could gain full control over the system.

Impact

The code that causes the vulnerability was introduced in a 2008 update to the GNU C Library (glibc). That package contains a library against which all GNU/Linux programs are linked, and the flaw affects the version of glibc included in a number of current Linux distributions:

• CentOS 6 and 7
• Fedora 22 and 23
• Ubuntu 12.04 LTS, 14.04 LTS
• Debian 6 (squeeze), 7 (wheezy)

Resolution

On affected servers, glibc needs to be updated and the server rebooted. 

First SSH to the server, see: https://www.vpsblocks.com.au/support/Knowledgebase/Article/View/41/0/how-do-i-use-ssh 

Step #1: Check the Current glibc Version

1. On CentOS 6 and CentOS 7 servers, run:

   yum list glibc

   That will produce output similar to:

   [root@host ~]# yum list glibc
Installed Packages
glibc.x86_64     2.17-106.el7_2.1     @system-updates-released
Available Packages
glibc.i686     2.17-106.el7_2.1     system-updates-released

   The currently installed version is listed under Installed Packages.

2. On Fedora 22 and Fedora 23 servers, run:

   dnf list glibc

   That will produce output similar to:

   [root@host ~]# dnf list glibc
Installed Packages
glibc.x86_64     2.21-5.fc22     @System
Available Packages
glibc.i686     2.21-5.fc22     fedora

   The currently installed version is listed under Installed Packages.

3. On Debian (6, 7) and Ubuntu (12.04 LTS, 14.04) servers, run:

   ldd --version

   That will produce output similar to:

   [root@host ~]# ldd --version
ldd (Ubuntu EGLIBC 2.21-0ubuntu4.1) 2.19
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

   The currently installed version in this example is 2.21-0ubuntu4.1.

Step #2: Is the Installed Version Vulnerable?

If the version returned by the command you ran above matches (or exceeds) the version listed below for your operating system, then the vulnerability already has been patched:

• Patched versions:
• CentOS 6: glibc-2.12-1.166.el6_7.7
• CentOS 7: glibc-2.17-106.el7_2.4
• Fedora 22: glibc-2.21-11.fc22
• Fedora 23: glibc-2.22-9.fc23
• Debian 6 (squeeze): eglibc 2.11.3-4+deb6u11
• Debian 7 (wheezy): eglibc 2.13-38+deb7u10
• Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7
• Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13

If the version returned by the command you ran in Step 1 is lower than what’s listed above for your operating system you will need to proceed to Step 3 to upgrade and reboot.

Step #3: Update glibc on a Self-Managed Server

Run these commands as root to update and reboot:

1. On Debian (6, 7) and Ubuntu (12.04 LTS, 14.04 LTS) servers:
   apt-get update
apt-get upgrade
reboot

    

2. On CentOS 6 and CentOS 7 servers (to update only glibc):
yum clean all
yum update glibc
reboot

On CentOS 6 and CentOS 7 servers (to update all packages -recommended):
yum install yum-utils -y && package-cleanup --oldkernels --count=1 -y && sed -i 's/installonly_limit=.*/installonly_limit=2/g' /etc/yum.conf && yum clean all && yum update -y
reboot

    

3. On Fedora 22 and Fedora 23 servers:
   dnf clean all
dnf update
reboot