glibcの脆弱性が公開されたときの対応について。
いろいろと調べると発生する可能性は低そうですが、
パッチが提供されているようなので対応しました。
※1部コンパイルして環境構築したシステムではエラーがでてしまいました。
リポジトリのキャッシュのアップデート
apt-get update
更新前のライブラリ状況
/lib/x86_64-linux-gnu/libc.so.6
※出力結果はこんな感じ
GNU C Library (Ubuntu EGLIBC 2.15-0ubuntu10.3) stable release version 2.15, by Roland McGrath et al. Copyright (C) 2012 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled by GNU CC version 4.6.3. Compiled on a Linux 3.2.30 system on 2012-10-05. Available extensions: crypt add-on version 2.1 by Michael Glad and others GNU Libidn by Simon Josefsson Native POSIX Threads Library by Ulrich Drepper et al BIND-8.2.3-T5B libc ABIs: UNIQUE IFUNC For bug reporting instructions, please see:
※glibcのアップグレード
Reading package lists... Done Building dependency tree Reading state information... Done The following packages have been kept back: icedtea-6-jre-cacao icedtea-6-jre-jamvm linux-image-virtual linux-virtual openjdk-6-jre openjdk-6-jre-headless openjdk-6-jre-lib The following packages will be upgraded: accountsservice apparmor apport apt apt-transport-https apt-utils apt-xapian-index aptitude base-files bash bash-completion bc bind9-host binutils bsdutils ca-certificates cloud-init cloud-utils coreutils cpio curl dbus dmidecode dmsetup dnsutils dosfstools dpkg file gir1.2-gudev-1.0 git git-man gnupg gpgv graphviz grub-common grub-legacy-ec2 grub-pc grub-pc-bin grub2-common icedtea-netx icedtea-netx-common ifupdown initramfs-tools initramfs-tools-bin iproute iptables isc-dhcp-client isc-dhcp-common krb5-locales landscape-client landscape-common language-selector-common libaccountsservice0 libapt-inst1.4 libapt-pkg4.12 libasn1-8-heimdal libasound2 libavahi-client3 libavahi-common-data libavahi-common3 libbind9-80 libblkid1 libc-bin libc-dev-bin libc6 libc6-dev libcdt4 libcgraph5 libcups2 libcurl3 libcurl3-gnutls libdbus-1-3 libdbus-glib-1-2 libdevmapper1.02.1 libdns81 libdrm-intel1 libdrm-nouveau1a libdrm-radeon1 libdrm2 libelf1 libevent-2.0-5 libflac8 libfreetype6 libgcrypt11 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libglib2.0-0 libgnutls26 libgraph4 libgssapi-krb5-2 libgssapi3-heimdal libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libgudev-1.0-0 libgvc5 libgvpr1 libhcrypto4-heimdal libheimbase1-heimdal libheimntlm0-heimdal libhx509-5-heimdal libisc83 libisccc80 libisccfg82 libjasper1 libjpeg-turbo8 libjson0 libk5crypto3 libkrb5-26-heimdal libkrb5-3 libkrb5support0 libldap-2.4-2 liblockfile-bin liblockfile1 liblwres80 libmagic1 libmount1 libmysqlclient18 libnih-dbus1 libnih1 libnspr4 libnss3 libnss3-1d libparted0debian1 libpathplan4 libpci3 libpciaccess0 libpixman-1-0 libplymouth2 libpolkit-gobject-1-0 libpulse0 libpython2.7 libroken18-heimdal libruby1.9.1 libssl-dev libssl-doc libssl0.9.8 libssl1.0.0 libtasn1-3 libtiff4 libudev0 libuuid1 libwind0-heimdal libx11-6 libx11-data libxcb-render0 libxcb-shm0 libxcb1 libxcursor1 libxext6 libxfixes3 libxi6 libxinerama1 libxml2 libxrandr2 libxrender1 libxslt1.1 libxt6 libxtst6 libyaml-0-2 linux-firmware linux-libc-dev lsb-base lsb-release man-db mime-support mount mountall multiarch-support mysql-client-core-5.5 mysql-common nginx nginx-common nginx-full ntp ntpdate openssh-client openssh-server openssl parted pciutils perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-ldap php5-mysql plymouth plymouth-theme-ubuntu-text ppp procps python python-apport python-apt python-apt-common python-boto python-httplib2 python-lazr.restfulclient python-minimal python-openssl python-paramiko python-problem-report python-software-properties python-yaml python2.7 python2.7-minimal rsyslog ruby1.9.1 sudo tcpdump td-agent tzdata tzdata-java ubuntu-minimal ubuntu-standard udev unattended-upgrades unzip update-manager-core update-notifier-common upstart util-linux uuid-runtime w3m wget whoopsie wpasupplicant xkb-data 234 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. Need to get 177 MB of archives. After this operation, 54.2 MB of additional disk space will be used. Do you want to continue [Y/n]? Y
※かなりの量だけど自己責任で負けずにアップデート
更新前のライブラリ状況
/lib/x86_64-linux-gnu/libc.so.6
※出力結果はこんな感じ
# /lib/x86_64-linux-gnu/libc.so.6 GNU C Library (Ubuntu EGLIBC 2.15-0ubuntu10.10) stable release version 2.15, by Roland McGrath et al. Copyright (C) 2012 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled by GNU CC version 4.6.3. Compiled on a Linux 3.2.64 system on 2015-01-21. Available extensions: crypt add-on version 2.1 by Michael Glad and others GNU Libidn by Simon Josefsson Native POSIX Threads Library by Ulrich Drepper et al BIND-8.2.3-T5B libc ABIs: UNIQUE IFUNC For bug reporting instructions, please see:
※とりあえずアップデートされているよう