And please don't forget to restart all services or even better your entire 
server. If you don't do this your running processes will still have the old 
libraries loaded.

This is indeed a big one so update ASAP. It's known for a while and actively 
exploited.

Sent from my iPhone

> On 19 Feb 2016, at 17:08, Dan McAllister <[email protected]> wrote:
> 
> Gentle Readers:
> 
> Google and Red Hat have independently discovered a serious vulnerability in 
> glibc, present since the release of version 2.9 -- remote code execution is 
> more than just a theoretical possibility! 
> 
> Detailed technical details are available on the Google security blog at 
> https://googleonlinesecurity.blogspot.ca/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html,
>  but essentially, the glibc DNS client side resolver is vulnerable to a 
> stack-based buffer overflow when the getaddrinfo() library function is used. 
> (This is the access of the servers listed in /etc/resolv.conf to execute DNS 
> lookups - and has NOTHING TO DO with hosting your own DNS server or resolver!)
> 
> If you are running a mail server (QMail or other), you are relying HEAVILY on 
> this library ... at EXACTLY the crux of this vulnerability! Do yourself a 
> favor and update TODAY (or, at the very least, over the weekend!).
> 
> If you are running RHEL or CentOS 6 or 7, you are likely vulnerable. (If you 
> are still on RHEL or CentOS 4 or 5, your procrastination has accidentally 
> served you well - you never got the update to 2.9, and so while you do have 
> other vulnerabilities, you don't have THIS ONE!).
> 
> Red Hat has released a PATCH -- and in 6, you will have to reboot to effect 
> the change. Fortunately, in 7 there is a command that will swap in the new 
> glibc "live". (See below)
> 
> The earliest PATCHED versions of glibc for RedHat/CentOS are:
>  - RHEL/COS 6 : glibc-2.12-1.166.el6_7.7 
>  - RHEL/COS 7 : glibc-2.17-106.el7_2.4 
>     NOTE: On 7, you can run the command: systemctl daemon-reexec to load the 
> updated library, and thus avoid a reboot.
> 
> If you haven't updated your system within the past day or two, you likely 
> need this patch! A simple yum update -y should get you the newest version, as 
> the REPOs should all have the latest release by now.
> 
> Have a good weekend! LOL
> 
> Dan McAllister
> IT4SOHO
> 
> PS: Yes, I have over 40 Linux servers that will have to be managed in the 
> next 2-3 days... happy working weekend for me! 
> 
> 

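The two follow-up checks this thread calls for (is the installed glibc build at or above the fixed one, and which running processes still have the old library mapped), as an added example that is not code from either message; the minimum builds are the ones quoted above, while the PIDs and /proc maps records are constructed for offline use.

```shell
#!/bin/bash
# Added example, not from the thread: two post-update checks for CVE-2015-7547.
# Minimum fixed builds quoted in Dan's message; SAMPLE_MAPS is constructed data.
PATCHED_EL6="2.12-1.166.el6_7.7"
PATCHED_EL7="2.17-106.el7_2.4"
# rpm_split V: print V's segments space-separated, splitting at separators
# and at letter/digit boundaries the way rpm's version compare does.
rpm_split() {
    printf '%s' "$1" | sed -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' \
        -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g' | tr -cs '[:alnum:]' ' '
}
# rpm_vercmp A B: print -1, 0 or 1 (A older, equal, newer). Numeric segments
# compare as integers, alpha segments lexically, numeric beats alpha.
rpm_vercmp() {
    local -a A B; local i n x y
    read -ra A <<< "$(rpm_split "$1")"; read -ra B <<< "$(rpm_split "$2")"
    n=${#A[@]}; [ "${#B[@]}" -gt "$n" ] && n=${#B[@]}
    for ((i = 0; i < n; i++)); do
        x=${A[i]:-}; y=${B[i]:-}
        [ "$x" = "$y" ] && continue
        if   [ -z "$x" ]; then echo -1        # shorter version string is older
        elif [ -z "$y" ]; then echo 1
        elif [[ $x =~ ^[0-9]+$ && $y =~ ^[0-9]+$ ]]; then (( 10#$x < 10#$y )) && echo -1 || echo 1
        elif [[ $x =~ ^[0-9]+$ ]]; then echo 1
        elif [[ $y =~ ^[0-9]+$ ]]; then echo -1
        elif [[ $x < $y ]]; then echo -1; else echo 1; fi
        return
    done
    echo 0
}

# glibc_is_patched INSTALLED MINIMUM: succeed when INSTALLED >= MINIMUM.
glibc_is_patched() { [ "$(rpm_vercmp "$1" "$2")" -ge 0 ]; }

# stale_libc_pids: read "PID:<maps line>" records on stdin; print each PID once
# whose mapped libc file was replaced on disk (the kernel marks it "(deleted)").
# Those processes still execute the old code and must be restarted.
stale_libc_pids() {
    grep -E '/libc[-.][^[:space:]]*\.so[^[:space:]]* \(deleted\)' | cut -d: -f1 | sort -un
}
# scan_live_processes: feed the real /proc to stale_libc_pids (run as root;
# maps of other users' processes are unreadable and are skipped).
scan_live_processes() {
    local m pid
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        sed "s|^|$pid:|" "$m" 2>/dev/null
    done | stale_libc_pids
}
# Constructed sample: 1234 and 987 still map the old libc; 5678 was restarted.
SAMPLE_MAPS='1234:7f0a00000000-7f0a001b8000 r-xp 00000000 fd:01 131 /lib64/libc-2.17.so (deleted)
5678:7f1b00000000-7f1b001b8000 r-xp 00000000 fd:01 140 /lib64/libc-2.17.so
987:7f2c00000000-7f2c00190000 r-xp 00000000 fd:01 120 /lib64/libc-2.12.so (deleted)'
```

On a real host, compare `rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc` against the matching PATCHED_EL value with glibc_is_patched, then run scan_live_processes to list what still needs a restart (or, on RHEL 7, a `systemctl daemon-reexec` for systemd itself).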