glibc vulnerability advice?

flaxton · Feb 17, 2016

It is safe to update on CentOS 6 and Ubuntu 14 when Plesk is installed?

If you don't know what I'm talking about, read this:

Extremely severe bug leaves dizzying number of software and devices vulnerable - arstechnica.com

http://arstechnica.com/security/201...zzying-number-of-apps-and-devices-vulnerable/

IgorG · Feb 17, 2016

Patch already released - https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

gbotica · Feb 18, 2016

IgorG said:
Patch already released - https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

The original poster is asking if it's safe to apply the patch to a Plesk server, not whether such a patch exists.

FYI, I've updated the glibc package on my 2 Plesk CentOS 6 servers, and all seems to be fine.

Code:

yum clean all
yum update glibc

IgorG · Feb 18, 2016

I do not see any reasons why OS security update may affect Plesk functionality.

IgorG · Feb 18, 2016

We have released special KB article regarding this issue - https://kb.odin.com/en/128375
You can safely update your OSes.

flaxton · Feb 18, 2016

Thanks, that what I was looking for ;-)

Gene Steinberg · Feb 19, 2016

Yes, not a single line about how to apply the patch. Way to go!

Peace,
Gene

flaxton · Feb 19, 2016

gbotica gave instructions on how to apply on RedHat/CentOS. But I agree, the first article shared wasn't helpful - no instructions on how to apply this to a server running Plesk and some Linux variant that is supported, like Ubuntu or CentOS.

I really don't feel like applying a patch manually or compiling from source. Been there, done that and don't have time these days!

Gene Steinberg · Feb 19, 2016

Yes, I caught that after posting. Two simple command line instructions. Worked fine. Thanks.

Peace,
Gene

Gene Steinberg · Feb 22, 2016

Tried all the commands above to update glibc.

Everything is updated.

But I get this:

[root@server ~]# ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

Is that the correct version? I'm told it's not.

So where do I get the correct one?

Peace,
Gene

glibc vulnerability advice?

flaxton

Basic Pleskian

IgorG

Plesk addicted!

gbotica

Regular Pleskian

IgorG

Plesk addicted!

IgorG

Plesk addicted!

flaxton

Basic Pleskian

Gene Steinberg

Regular Pleskian

flaxton

Basic Pleskian

Gene Steinberg

Regular Pleskian

Gene Steinberg

Regular Pleskian

Similar threads