Glibc vulnerability

A highly critical vulnerability has been discovered in glibc (GNU C Library). For CentOS/RedHat, only versions 6 and 7 are affected; CentOS 5 (RedHat 5) and older versions are not affected. Just clicking on a link or connecting to a server can result in remote code execution (RCE), allowing hackers to steal credentials, spy on users, seize control of computers, and more. To understand more about the vulnerability, read the article https://access.redhat.com/security/cve/CVE-2015-7547

Versions affected: All glibc from 2.9 to 2.22 are affected by this vulnerability.

How to check the vulnerability

As an example, I am using my CentOS 6 machine here.

# rpm -qa | grep -i glibc
glibc-2.12-1.149.el6_6.5.x86_64
glibc-headers-2.12-1.149.el6_6.5.x86_64
glibc-common-2.12-1.149.el6_6.5.x86_64
glibc-devel-2.12-1.149.el6_6.5.x86_64

From the above result it's clear that the installed glibc is vulnerable.

This vulnerability has been present since glibc 2.9, which was originally released in Nov 2008. Now that it has been uncovered, you should patch your system immediately.

Patch for glibc vulnerability

To fix the problem, just update the installed glibc library:

# yum -y update glibc
..
Updated: glibc.x86_64 0:2.12-1.166.el6_7.7

Dependency Updated:
glibc-common.x86_64 0:2.12-1.166.el6_7.7
glibc-devel.x86_64 0:2.12-1.166.el6_7.7
glibc-headers.x86_64 0:2.12-1.166.el6_7.7
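
The check and update steps above can be scripted. The following is an added example, not from the original post: it compares an rpm package line against the fixed CentOS 6 build shown in the yum output, and flags processes that still map the replaced libc and so keep running the old code until they are restarted. The function names are assumptions made for illustration, and `sort -V` only approximates RPM version ordering.

```bash
#!/bin/bash
# Added example, not from the original post.
# Fixed CentOS/RHEL 6 build, taken from the yum output in this post.
FIXED_EL6="2.12-1.166.el6_7.7"

# glibc_status PKG_LINE
# PKG_LINE is one line of `rpm -qa | grep -i glibc` output.
# Prints "vulnerable" if its version-release is older than FIXED_EL6,
# otherwise "patched". Only meaningful for el6 packages.
glibc_status() {
    local vr lowest
    # Drop the package name (up to the first digit) and the arch suffix.
    vr=$(printf '%s\n' "$1" | sed -E 's/^[a-z-]+-([0-9])/\1/; s/\.[^.]*$//')
    # sort -V approximates RPM ordering; adequate within one release stream.
    lowest=$(printf '%s\n%s\n' "$vr" "$FIXED_EL6" | sort -V | head -n 1)
    if [ "$vr" != "$FIXED_EL6" ] && [ "$lowest" = "$vr" ]; then
        echo vulnerable
    else
        echo patched
    fi
}

# uses_stale_libc MAPS_FILE
# Succeeds if a /proc/PID/maps file shows a libc that was replaced on disk.
uses_stale_libc() {
    grep -Eq '/libc[-.][^ ]*\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# stale_libc_pids: print PIDs to restart after the update (run as root).
stale_libc_pids() {
    local m pid
    for m in /proc/[0-9]*/maps; do
        if uses_stale_libc "$m"; then
            pid="${m#/proc/}"
            echo "${pid%/maps}"
        fi
    done
}

# Demo on the package line shown in this post.
glibc_status "glibc-2.12-1.149.el6_6.5.x86_64"
# On a real host:
#   rpm -qa | grep -i glibc | while read -r p; do echo "$p $(glibc_status "$p")"; done
#   stale_libc_pids
```

Any PID printed by `stale_libc_pids` is still executing the old library; restart those services, or reboot so that every process loads the updated glibc.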
