02/16 に発表された「glibc」ライブラリに脆弱性対応
2016, 02/16 に発表された「glibc」ライブラリに脆弱性対応
これ: http://www.itmedia.co.jp/enterprise/articles/1602/17/news065.html
対応一旦したので記載。
バージョン確認
$ sudo yum list glibc Loaded plugins: fastestmirror, presto Determining fastest mirrors epel/metalink | 5.5 kB 00:00 * base: ftp.iij.ad.jp * epel: ftp.iij.ad.jp * extras: ftp.iij.ad.jp * remi-safe: mirror.innosol.asia * updates: www.ftp.ne.jp base | 3.7 kB 00:00 epel | 4.3 kB 00:00 epel/primary_db | 5.8 MB 00:00 extras | 3.4 kB 00:00 newrelic | 951 B 00:00 remi-safe | 2.9 kB 00:00 remi-safe/primary_db | 238 kB 00:00 updates | 3.4 kB 00:00 updates/primary_db | 3.9 MB 00:00 Installed Packages glibc.x86_64 2.12-1.166.el6_7.3 ← いまこれ @updates Available Packages glibc.i686 2.12-1.166.el6_7.7 updates glibc.x86_64 2.12-1.166.el6_7.7 ← いた!! updates
2.12-1.166.el6_7.7
が新しくあった。
このバージョンでネットでググる
良さ気
(一番問題ある)依存ライブラリ系がupdateされちゃわないか確認
$ sudo yum update glibc Loaded plugins: fastestmirror, presto Setting up Update Process Loading mirror speeds from cached hostfile * base: ftp.iij.ad.jp * epel: ftp.iij.ad.jp * extras: ftp.iij.ad.jp * remi-safe: mirror.innosol.asia * updates: www.ftp.ne.jp Resolving Dependencies --> Running transaction check ---> Package glibc.x86_64 0:2.12-1.166.el6_7.3 will be updated --> Processing Dependency: glibc = 2.12-1.166.el6_7.3 for package: glibc-common-2.12-1.166.el6_7.3.x86_64 ---> Package glibc.x86_64 0:2.12-1.166.el6_7.7 will be an update --> Running transaction check ---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.3 will be updated ---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.7 will be an update --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================================================================================================================================================================================================== Updating: glibc x86_64 2.12-1.166.el6_7.7 updates 3.8 M Updating for dependencies: glibc-common x86_64 2.12-1.166.el6_7.7 updates 14 M Transaction Summary ============================================================================================================================================================================================================================================================================================================================== Upgrade 2 Package(s) Total download size: 18 M Is this ok [y/N]:
アップデートされたら怖い、依存ライブラリもないので
良さ気
ということでupdate
$ sudo yum update glibc Loaded plugins: fastestmirror, presto Setting up Update Process Loading mirror speeds from cached hostfile * base: ftp.iij.ad.jp * epel: ftp.iij.ad.jp * extras: ftp.iij.ad.jp * remi-safe: mirror.innosol.asia * updates: www.ftp.ne.jp Resolving Dependencies --> Running transaction check ---> Package glibc.x86_64 0:2.12-1.166.el6_7.3 will be updated --> Processing Dependency: glibc = 2.12-1.166.el6_7.3 for package: glibc-common-2.12-1.166.el6_7.3.x86_64 ---> Package glibc.x86_64 0:2.12-1.166.el6_7.7 will be an update --> Running transaction check ---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.3 will be updated ---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.7 will be an update --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================================================================================================================================================================================================== Updating: glibc x86_64 2.12-1.166.el6_7.7 updates 3.8 M Updating for dependencies: glibc-common x86_64 2.12-1.166.el6_7.7 updates 14 M Transaction Summary ============================================================================================================================================================================================================================================================================================================================== Upgrade 2 Package(s) Total download size: 18 M Is this ok [y/N]:y Downloading Packages: Setting up and reading Presto delta metadata updates/prestodelta | 394 kB 00:00 Processing delta metadata Download delta size: 562 k glibc-2.12-1.166.el6_7.3_2.12-1.166.el6_7.7.x86_64.drpm | 562 kB 00:00 Finishing rebuild of rpms, from deltarpms <delta rebuild> | 3.8 MB 00:06 Presto reduced the update size by 86% (from 3.8 M to 562 k). Package(s) data still to download: 14 M glibc-common-2.12-1.166.el6_7.7.x86_64.rpm | 14 MB 00:01 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : glibc-common-2.12-1.166.el6_7.7.x86_64 1/4 Updating : glibc-2.12-1.166.el6_7.7.x86_64 2/4 Cleanup : glibc-common-2.12-1.166.el6_7.3.x86_64 3/4 Cleanup : glibc-2.12-1.166.el6_7.3.x86_64 4/4 Verifying : glibc-2.12-1.166.el6_7.7.x86_64 1/4 Verifying : glibc-common-2.12-1.166.el6_7.7.x86_64 2/4 Verifying : glibc-common-2.12-1.166.el6_7.3.x86_64 3/4 Verifying : glibc-2.12-1.166.el6_7.3.x86_64 4/4 Updated: glibc.x86_64 0:2.12-1.166.el6_7.7 Dependency Updated: glibc-common.x86_64 0:2.12-1.166.el6_7.7 Complete!
だん!
で、アプリケーション再起動
で、、
あとは、yum パッケージを信じる。