CVE-2015-0235

johnstetter
Posts: 1
Joined: 2015/01/27 19:55:16

CVE-2015-0235

Post by johnstetter » 2015/01/27 19:59:12

Any word on when a glibc patch for CVE-2015-0235 will get pushed out to the repos?

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2015-0235

Post by TrevorH » 2015/01/27 20:26:26

Not yet. It takes a while:
step 1) wait for Red Hat to release the SRPM packages
step 2) rebuild them, which takes about an hour for a big package like glibc
step 3) repeat for 32 and 64 bit packages
step 4) find someone who's not en-route to FOSDEM and get them to sign the packages
step 5) push to mirrors and wait for them to propagate

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2015-0235

Post by avij » 2015/01/28 01:17:04

All the glibc updates for CentOS 5, 6 and 7 have now been released and are currently being distributed to mirrors.

leotan
Posts: 1
Joined: 2015/01/28 10:56:42

Re: CVE-2015-0235

Post by leotan » 2015/01/28 11:01:44

Can anyone tell us how to step by step do the update without messing everything about?
Will there be a test to confirm CentOS is not vulnerable anymore?

gaia
Posts: 18
Joined: 2012/09/07 21:08:36

Re: CVE-2015-0235

Post by gaia » 2015/01/28 12:06:44

Still not available for my CentOS 6.6, even after clean all.

How long does distributing to mirrors usually take?

Also, shouldn't

    yum --disableplugin=fastestmirror update

bypass mirrors?
Last edited by gaia on 2015/01/28 13:50:23, edited 2 times in total.

gaia
Posts: 18
Joined: 2012/09/07 21:08:36

Re: CVE-2015-0235

Post by gaia » 2015/01/28 13:41:24

leotan wrote: Can anyone tell us how to step by step do the update without messing everything about? Will there be a test to confirm CentOS is not vulnerable anymore?

Instructions for testing the vulnerability are here:
http://www.cyberciti.biz/faq/cve-2015-0 ... hel-linux/

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2015-0235

Post by avij » 2015/01/28 14:55:31

leotan wrote: Can anyone tell us how to step by step do the update without messing everything about?

yum update and then reboot your system with shutdown -r now or equivalent.

gaia wrote: How long does distributing to mirrors usually take?

Anything from 15 minutes to a day or more, depending on how frequently your local mirror syncs. Generally speaking, around 75% of mirrors tend to be synced within four hours from update release time (with exceptions for major point updates, such as 6.5 -> 6.6). As of this writing, approximately 90% of the external mirrors have the new glibc update. Please note that the CentOS Project does not have any influence on how the external mirrors operate.

gaia wrote: Also, shouldn't yum --disableplugin=fastestmirror update bypass mirrors?

No, it does not. At this stage, if yum update does not suggest an updated glibc, try yum clean all once more. Another option for why yum update might not suggest an updated glibc is that you might have the update already. Some people use the yum-cron package to download and install updates automatically.
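
A way to confirm the update took effect after the yum update and reboot steps above, as an added example that is not part of the thread: it checks the installed glibc changelog for the CVE and lists processes still running the pre-update libc. The function names and the sample data are constructed for illustration, and it assumes the vendor changelog names the CVE ID.

```shell
#!/bin/sh
# Added example (not from the thread): post-update checks for the glibc fix.

CVE="CVE-2015-0235"

# Reads an RPM changelog on stdin; succeeds if it names the CVE.
# Backported fixes keep the upstream version number, so the changelog
# (assumed to list the CVE ID) says more than the version string alone.
changelog_has_fix() {
    grep -q -- "$CVE"
}

# Reads "PID <maps line>" records on stdin and prints each PID that still
# maps a libc file the update has unlinked. The kernel appends " (deleted)"
# to such mappings; those processes keep running the old code until they
# are restarted, which is why the reboot matters.
stale_libc_pids() {
    awk '/\/libc[-.][^ ]* \(deleted\)$/ { print $1 }' | sort -un
}

# Live check for the host this runs on (needs root to read every maps file).
check_host() {
    if rpm -q --changelog glibc | changelog_has_fix; then
        echo "installed glibc changelog lists $CVE"
    else
        echo "installed glibc changelog does NOT list $CVE"
    fi
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        sed "s/^/$pid /" "$m" 2>/dev/null
    done | stale_libc_pids | while read -r pid; do
        echo "pid $pid still maps the old libc: $(ps -o comm= -p "$pid")"
    done
}

# Constructed sample input, so the parsing can be exercised offline.
SAMPLE_CHANGELOG="* (constructed date) packager - (constructed release)
- Fix parsing of numeric hosts in gethostbyname_r ($CVE)"
SAMPLE_MAPS="812 7f3a10000000-7f3a1018a000 r-xp 00000000 fd:00 1311 /lib64/libc-2.12.so (deleted)
812 7f3a1038a000-7f3a1038e000 r--p 0018a000 fd:00 1311 /lib64/libc-2.12.so (deleted)
955 7f9b20000000-7f9b2018a000 r-xp 00000000 fd:00 1402 /lib64/libc-2.12.so
977 7f11c0000000-7f11c0007000 r-xp 00000000 fd:00 1500 /tmp/scratch.bin (deleted)"

if [ "${1:-}" = "--live" ]; then check_host; fi
```

Run it with --live as root on the updated host; a process listed by the second check has not been restarted since the update.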

gaia
Posts: 18
Joined: 2012/09/07 21:08:36

Re: CVE-2015-0235

Post by gaia » 2015/01/28 15:05:56

avij wrote: No, it does not. At this stage, if yum update does not suggest an updated glibc, try yum clean all once more. Another option for why yum update might not suggest an updated glibc is that you might have the update already. Some people use the yum-cron package to download and install updates automatically.

There is no update and the installed version is glibc-2.12-1.149.el6_6.4.x86_64.

PS: Since this is about CentOS 6 maybe we should keep it going here.

Thank you
