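Qualys recently discovered and disclosed the Linux vulnerability "CVE-2015-0235". Almost everyone should take this vulnerability seriously. Affected systems: Debian 7, CentOS 6 & 7, Ubuntu 12.04. Not affected: Fedora 20 & 21, Ubuntu 14.04 and 14.10, Arch, OpenSuse 13.2. On Debian 7, any version lower than 2.13-38+deb7u7 is unsafe; on Ubuntu, any version lower than 2.15-0ubuntu10.10 is likewise unsafe. Check for yourself: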
# aptitude show libc6
Package: libc6
State: installed
Automatically installed: no
Multi-Arch: same
Version: 2.13-38+deb7u6
Priority: required
Section: libs
Maintainer: GNU Libc Maintainers
Architecture: amd64
Uncompressed Size: 9,687 k
Depends: libc-bin (= 2.13-38+deb7u6), libgcc1
Suggests: glibc-doc, debconf | debconf-2.0, locales
Conflicts: prelink (<= 0.0.20090311-1), tzdata (< 2007k-1), tzdata-etch
Breaks: locales (< 2.13), locales-all (< 2.13), lsb-core (<= 3.2-27), nscd (< 2.13)
Replaces: libc6-amd64
Provides: glibc-2.13-1
Description: Embedded GNU C Library: Shared libraries
Contains the standard libraries that are used by nearly all programs on the system. This package includes shared versions of the standard C library and the
standard math library, as well as many others.
Homepage: http://www.eglibc.org
On CentOS 7, anything earlier than glibc-2.17-55.el7_0.5 needs to be patched, and on CentOS 6 anything earlier than glibc-2.12-1.149.el6_6.5. You will need the following command:
# yum info glibc
....
Installed Packages
Name : glibc
Arch : x86_64
Version : 2.17
Release : 55.el7_0.1
Size : 13 M
Repo : installed
From repo : updates
Summary : The GNU libc libraries
URL : http://www.gnu.org/software/glibc/
License : LGPLv2+ and LGPLv2+ with exceptions and GPLv2+
Description : The glibc package contains standard libraries which are used by
: multiple programs on the system. In order to save disk space and
: memory, as well as to make upgrading easier, common system code is
: kept in one place and shared between programs. This particular package
: contains the most important sets of shared libraries: the standard C
: library and the standard math library. Without these two libraries, a
: Linux system will not function.
Patching is simple:
Debian:
apt-get update
apt-get dist-upgrade
CentOS and Fedora:
yum clean all
yum update
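
The version check described above can be scripted so it can be run across many hosts, before and after patching. This is an added example, not part of the original post: the function names and distro keys are hypothetical, the fixed versions are the ones quoted above, and `sort -V` is assumed to order these particular strings the same way dpkg and rpm do.

```shell
#!/bin/sh
# Added example. Function names and distro keys are hypothetical.

# First safe package version per distro, as quoted in the post.
fixed_version() {
    case "$1" in
        debian7) echo '2.13-38+deb7u7' ;;
        ubuntu)  echo '2.15-0ubuntu10.10' ;;  # the post lists Ubuntu 12.04 as affected
        centos7) echo '2.17-55.el7_0.5' ;;
        centos6) echo '2.12-1.149.el6_6.5' ;;
        *) return 1 ;;
    esac
}

# Succeeds when version $1 sorts strictly before version $2.
# Assumption: sort -V approximates package ordering for these strings;
# on Debian, `dpkg --compare-versions A lt B` is the authoritative comparison.
version_lt() {
    [ "$1" != "$2" ] || return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# ghost_status <distro-key> <installed-version> -> VULNERABLE | PATCHED | UNKNOWN
ghost_status() {
    fixed=$(fixed_version "$1") || { echo UNKNOWN; return 0; }
    if version_lt "$2" "$fixed"; then echo VULNERABLE; else echo PATCHED; fi
}

# Print the installed C library package version (version-release on rpm systems).
installed_glibc() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' libc6 | head -n 1
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc | head -n 1
    else
        return 1
    fi
}

# Usage on a live host: ghost_status debian7 "$(installed_glibc)"
```

Processes that were already running keep the old library mapped after the upgrade, so restart services or reboot once the status reads PATCHED.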