IT Notebook

ITについての備忘録的なブログです

Security - GHOST(CVE-2015-0235)の対応

glibc脆弱性が公開されたときの対応について。 いろいろと調べると発生する可能性は低そうですが、 パッチが提供されているようなので対応しました。 ※1部コンパイルして環境構築したシステムではエラーがでてしまいました。

リポジトリのキャッシュのアップデート

apt-get update

更新前のライブラリ状況

/lib/x86_64-linux-gnu/libc.so.6

※出力結果はこんな感じ

GNU C Library (Ubuntu EGLIBC 2.15-0ubuntu10.3) stable release version 2.15, by Roland McGrath et al.
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.6.3.
Compiled on a Linux 3.2.30 system on 2012-10-05.
Available extensions:
crypt add-on version 2.1 by Michael Glad and others
GNU Libidn by Simon Josefsson
Native POSIX Threads Library by Ulrich Drepper et al
BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:

glibcのアップグレード

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
icedtea-6-jre-cacao icedtea-6-jre-jamvm linux-image-virtual linux-virtual openjdk-6-jre openjdk-6-jre-headless openjdk-6-jre-lib
The following packages will be upgraded:
accountsservice apparmor apport apt apt-transport-https apt-utils apt-xapian-index aptitude base-files bash bash-completion bc bind9-host binutils
bsdutils ca-certificates cloud-init cloud-utils coreutils cpio curl dbus dmidecode dmsetup dnsutils dosfstools dpkg file gir1.2-gudev-1.0 git git-man
gnupg gpgv graphviz grub-common grub-legacy-ec2 grub-pc grub-pc-bin grub2-common icedtea-netx icedtea-netx-common ifupdown initramfs-tools
initramfs-tools-bin iproute iptables isc-dhcp-client isc-dhcp-common krb5-locales landscape-client landscape-common language-selector-common
libaccountsservice0 libapt-inst1.4 libapt-pkg4.12 libasn1-8-heimdal libasound2 libavahi-client3 libavahi-common-data libavahi-common3 libbind9-80
libblkid1 libc-bin libc-dev-bin libc6 libc6-dev libcdt4 libcgraph5 libcups2 libcurl3 libcurl3-gnutls libdbus-1-3 libdbus-glib-1-2 libdevmapper1.02.1
libdns81 libdrm-intel1 libdrm-nouveau1a libdrm-radeon1 libdrm2 libelf1 libevent-2.0-5 libflac8 libfreetype6 libgcrypt11 libgdk-pixbuf2.0-0
libgdk-pixbuf2.0-common libglib2.0-0 libgnutls26 libgraph4 libgssapi-krb5-2 libgssapi3-heimdal libgtk2.0-0 libgtk2.0-bin libgtk2.0-common
libgudev-1.0-0 libgvc5 libgvpr1 libhcrypto4-heimdal libheimbase1-heimdal libheimntlm0-heimdal libhx509-5-heimdal libisc83 libisccc80 libisccfg82
libjasper1 libjpeg-turbo8 libjson0 libk5crypto3 libkrb5-26-heimdal libkrb5-3 libkrb5support0 libldap-2.4-2 liblockfile-bin liblockfile1 liblwres80
libmagic1 libmount1 libmysqlclient18 libnih-dbus1 libnih1 libnspr4 libnss3 libnss3-1d libparted0debian1 libpathplan4 libpci3 libpciaccess0
libpixman-1-0 libplymouth2 libpolkit-gobject-1-0 libpulse0 libpython2.7 libroken18-heimdal libruby1.9.1 libssl-dev libssl-doc libssl0.9.8 libssl1.0.0
libtasn1-3 libtiff4 libudev0 libuuid1 libwind0-heimdal libx11-6 libx11-data libxcb-render0 libxcb-shm0 libxcb1 libxcursor1 libxext6 libxfixes3 libxi6
libxinerama1 libxml2 libxrandr2 libxrender1 libxslt1.1 libxt6 libxtst6 libyaml-0-2 linux-firmware linux-libc-dev lsb-base lsb-release man-db
mime-support mount mountall multiarch-support mysql-client-core-5.5 mysql-common nginx nginx-common nginx-full ntp ntpdate openssh-client
openssh-server openssl parted pciutils perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-ldap php5-mysql
plymouth plymouth-theme-ubuntu-text ppp procps python python-apport python-apt python-apt-common python-boto python-httplib2 python-lazr.restfulclient
python-minimal python-openssl python-paramiko python-problem-report python-software-properties python-yaml python2.7 python2.7-minimal rsyslog
ruby1.9.1 sudo tcpdump td-agent tzdata tzdata-java ubuntu-minimal ubuntu-standard udev unattended-upgrades unzip update-manager-core
update-notifier-common upstart util-linux uuid-runtime w3m wget whoopsie wpasupplicant xkb-data
234 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
Need to get 177 MB of archives.
After this operation, 54.2 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y

※かなりの量だけど自己責任で負けずにアップデート

更新前のライブラリ状況

/lib/x86_64-linux-gnu/libc.so.6

※出力結果はこんな感じ

# /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Ubuntu EGLIBC 2.15-0ubuntu10.10) stable release version 2.15, by Roland McGrath et al.
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.6.3.
Compiled on a Linux 3.2.64 system on 2015-01-21.
Available extensions:
crypt add-on version 2.1 by Michael Glad and others
GNU Libidn by Simon Josefsson
Native POSIX Threads Library by Ulrich Drepper et al
BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:

※とりあえずアップデートされているよう