Mageia forum

[leon244]

Is there a way for me to patch glibc on Mageia3 against the Ghost vulnerability?

[benmc]

As Mageia 3 is End of Life- no longer officially supported, it is unlikely that a patched glibc will be provided by Mageia.

from ZDnet " the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18."
therefore, if your glibc version is 2.18, you should be ok.
you can check ẗo see if you are vulnerable by following this " http://www.cyberciti.biz/faq/cve-2015-0 ... hel-linux/ ",

have you considered upgrading to Mageia 4.1?

regards

Benmc

[leon244]

thank you. I have tested and am vulnerable. I have considered 4.1, but was planning to wait for 5. Since updating for me is a fresh install (I am leary of an update) and a lot of work, I wanted to wait for Mageia5 which, I believe, should be out in a couple of months. I guess I will just have to wait and take my chances.

[gregms]

So is the source rpm version that is out there: glibc-2.20-14.mga5.src.rpm is that one vulnerable or not?

[jkerr82508]

No, glibc-2.20-14.mga5 is not vulnerable. Nor is the current version for Mageia 4, glibc-2.18-9.8.mga4

Jim

[claire]

As far as I'm aware, it's only exim mailserver which has been shown to be remotely exploitable by the ghost vulnerability. Unless you expose services to the public or are worried about others who may use your computer potentially finding a privilege escalation, it's not as urgent as the popular media suggest it to be.

If you are still using Mageia 3 then you haven't had any updates for some time now and probably have bigger things to worry about, like flash updates etc. If you're using Mageia 3 still and you are exposing services to the public however then I'd recommend not doing so until you upgrade.

[jiml8]

For anyone who is interested, this code shows the vulnerability. I picked it up on another board.

Code: Select all

#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "in_the_coal_mine"

struct {
char buffer[1024];
char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

int main(void) {
struct hostent resbuf;
struct hostent *result;
int herrno;
int retval;

/*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
char name[sizeof(temp.buffer)];
memset(name, '0', len);
name[len] = '\0';

retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

if (strcmp(temp.canary, CANARY) != 0) {
puts("vulnerable");
exit(EXIT_SUCCESS);
}
if (retval == ERANGE) {
puts("not vulnerable");
exit(EXIT_SUCCESS);
}
puts("should not happen");
exit(EXIT_FAILURE);
}


[Brain]

Hi, i've create rpm patched packages for mageia3 this night. I'll test them this afternoon. If it's ok, i'll put them on my website.

best regards,

--
Christophe Casalegno
http://www.christophe-casalegno.com

Moved from moderation-queue by moderator

[Brain]

Hi, after tests i've succefully patched Glibc againt GHOST vulnerability. I'll put patched rpm online in the next hours,

best regards,

--
Christophe Casalegno
http://www.christophe-casalegno.com

[Brain]

Tests are ok : http://www.christophe-casalegno.com/201 ... 2-mageia3/

PS : dont forget to backup, etc. before. I've patched more than 25 servers this afternoon with success.

best regards,

--
Christophe Casalegno
http://www.christophe.casalegno.com