読者です 読者をやめる 読者になる 読者になる

02/16 に発表された「glibc」ライブラリに脆弱性対応

2016, 02/16 に発表された「glibc」ライブラリに脆弱性対応
 これ: http://www.itmedia.co.jp/enterprise/articles/1602/17/news065.html

対応一旦したので記載。

バージョン確認

$ sudo yum list glibc
Loaded plugins: fastestmirror, presto
Determining fastest mirrors
epel/metalink                                                                                                                                                                                                                                                                                          | 5.5 kB     00:00
 * base: ftp.iij.ad.jp
 * epel: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * remi-safe: mirror.innosol.asia
 * updates: www.ftp.ne.jp
base                                                                                                                                                                                                                                                                                                   | 3.7 kB     00:00
epel                                                                                                                                                                                                                                                                                                   | 4.3 kB     00:00
epel/primary_db                                                                                                                                                                                                                                                                                        | 5.8 MB     00:00
extras                                                                                                                                                                                                                                                                                                 | 3.4 kB     00:00
newrelic                                                                                                                                                                                                                                                                                               |  951 B     00:00
remi-safe                                                                                                                                                                                                                                                                                              | 2.9 kB     00:00
remi-safe/primary_db                                                                                                                                                                                                                                                                                   | 238 kB     00:00
updates                                                                                                                                                                                                                                                                                                | 3.4 kB     00:00
updates/primary_db                                                                                                                                                                                                                                                                                     | 3.9 MB     00:00
Installed Packages
glibc.x86_64                                                                                                                                            2.12-1.166.el6_7.3   ← いまこれ                                                                                                                             @updates
Available Packages
glibc.i686                                                                                                                                              2.12-1.166.el6_7.7                                                                                                                                            updates
glibc.x86_64                                                                                                                                            2.12-1.166.el6_7.7  ← いた!!                                                                                                                                    updates

2.12-1.166.el6_7.7 が新しくあった。

このバージョンでネットでググる

http://www.compatdb.org/forums/topic/110936-centos-announce-cesa-20160175-critical-centos-6-glibc-security-update/

良さ気

(一番問題ある)依存ライブラリ系がupdateされちゃわないか確認

$ sudo yum update glibc
Loaded plugins: fastestmirror, presto
Setting up Update Process
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * epel: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * remi-safe: mirror.innosol.asia
 * updates: www.ftp.ne.jp
Resolving Dependencies
--> Running transaction check
---> Package glibc.x86_64 0:2.12-1.166.el6_7.3 will be updated
--> Processing Dependency: glibc = 2.12-1.166.el6_7.3 for package: glibc-common-2.12-1.166.el6_7.3.x86_64
---> Package glibc.x86_64 0:2.12-1.166.el6_7.7 will be an update
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.3 will be updated
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================================================================================================================================================================================
 Package                                                                        Arch                                                                     Version                                                                              Repository                                                                 Size
==============================================================================================================================================================================================================================================================================================================================
Updating:
 glibc                                                                          x86_64                                                                   2.12-1.166.el6_7.7                                                                   updates                                                                   3.8 M
Updating for dependencies:
 glibc-common                                                                   x86_64                                                                   2.12-1.166.el6_7.7                                                                   updates                                                                    14 M

Transaction Summary
==============================================================================================================================================================================================================================================================================================================================
Upgrade       2 Package(s)

Total download size: 18 M
Is this ok [y/N]:

アップデートされたら怖い、依存ライブラリもないので
良さ気

ということでupdate

$ sudo yum update glibc
Loaded plugins: fastestmirror, presto
Setting up Update Process
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * epel: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * remi-safe: mirror.innosol.asia
 * updates: www.ftp.ne.jp
Resolving Dependencies
--> Running transaction check
---> Package glibc.x86_64 0:2.12-1.166.el6_7.3 will be updated
--> Processing Dependency: glibc = 2.12-1.166.el6_7.3 for package: glibc-common-2.12-1.166.el6_7.3.x86_64
---> Package glibc.x86_64 0:2.12-1.166.el6_7.7 will be an update
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.3 will be updated
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================================================================================================================================================================================
 Package                                                                        Arch                                                                     Version                                                                              Repository                                                                 Size
==============================================================================================================================================================================================================================================================================================================================
Updating:
 glibc                                                                          x86_64                                                                   2.12-1.166.el6_7.7                                                                   updates                                                                   3.8 M
Updating for dependencies:
 glibc-common                                                                   x86_64                                                                   2.12-1.166.el6_7.7                                                                   updates                                                                    14 M

Transaction Summary
==============================================================================================================================================================================================================================================================================================================================
Upgrade       2 Package(s)

Total download size: 18 M
Is this ok [y/N]:y
Downloading Packages:
Setting up and reading Presto delta metadata
updates/prestodelta                                                                                                                                                                                                                                                                                    | 394 kB     00:00
Processing delta metadata
Download delta size: 562 k
glibc-2.12-1.166.el6_7.3_2.12-1.166.el6_7.7.x86_64.drpm                                                                                                                                                                                                                                                | 562 kB     00:00
Finishing rebuild of rpms, from deltarpms
<delta rebuild>                                                                                                                                                                                                                                                                                        | 3.8 MB     00:06
Presto reduced the update size by 86% (from 3.8 M to 562 k).
Package(s) data still to download: 14 M
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm                                                                                                                                                                                                                                                             |  14 MB     00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : glibc-common-2.12-1.166.el6_7.7.x86_64                                                                                                                                                                                                                                                                     1/4
  Updating   : glibc-2.12-1.166.el6_7.7.x86_64                                                                                                                                                                                                                                                                            2/4
  Cleanup    : glibc-common-2.12-1.166.el6_7.3.x86_64                                                                                                                                                                                                                                                                     3/4
  Cleanup    : glibc-2.12-1.166.el6_7.3.x86_64                                                                                                                                                                                                                                                                            4/4
  Verifying  : glibc-2.12-1.166.el6_7.7.x86_64                                                                                                                                                                                                                                                                            1/4
  Verifying  : glibc-common-2.12-1.166.el6_7.7.x86_64                                                                                                                                                                                                                                                                     2/4
  Verifying  : glibc-common-2.12-1.166.el6_7.3.x86_64                                                                                                                                                                                                                                                                     3/4
  Verifying  : glibc-2.12-1.166.el6_7.3.x86_64                                                                                                                                                                                                                                                                            4/4

Updated:
  glibc.x86_64 0:2.12-1.166.el6_7.7

Dependency Updated:
  glibc-common.x86_64 0:2.12-1.166.el6_7.7

Complete!

だん!

で、アプリケーション再起動
で、、

あとは、yum パッケージを信じる。