CVE-2015-7547 glibc security | Update via Yum

[PriyanA]

Hi,
How safe to update via yum, since Plesk recommend,

exclude=kernel* sendmail bind-chroot caching-nameserver

?

Thank you

 

[xyptilon]

We do it all the time, but you can also just do:

yum install glibc

 

[Dree]

Don't forget to restart all services using glibc, otherwise it's no use to update.

 

[xyptilon]

Found a oneliner (not mine) that checks which services need to be restarted (courtesy of Thomas in the comments): https://ma.ttias.be/ghost-critical-glibc-update-cve-2015-0235-gethostbyname-calls/

servicelist=""; for problemservice in `lsof 2> /dev/null | grep libc | awk '{print $1}' | sort | uniq`; do for service in `ls /etc/init.d/* | awk -F "/etc/init.d/" '{print $2}'`; do if [ "$problemservice" == "$service" ]; then if [ -n "`service $problemservice status | grep running`" ]; then servicelist+=" $problemservice"; else echo "$problemservice found but service is not running"; fi; fi; done; done; count=`tr -dc ' ' <<<"$servicelist" | wc -c`; servicelist=`echo $servicelist | xargs`; echo -n "$count services have to be restarted ($servicelist): continue (y/N)? "; read continue; if [ $continue == "y" ]; then for service in $servicelist; do /etc/init.d/$service restart; done; else echo "Leaving without restarting services"; fi

 

[PriyanA]

Thank you! Everyone!