glibc Ghost vulnerability
- cayaraa
- Outstanding Member
- Posts: 341
- Joined: Sat Sep 13, 2014 12:33 am
- ZCS/ZD Version: ZCS 8 NE & ZCS 8 FOSS
Is it known if Zimbra has any binary files that have statically linked glibc, or will updating the host catch all the links to the system glibc?
I've checked nginx and postfix and both of them seem to be using the system one:
$ ldd /opt/zimbra/nginx/sbin/nginx |grep "libc."
libc.so.6 => /lib64/libc.so.6 (0x00007f12deda2000)
$ ldd /opt/zimbra/postfix/sbin/postfix |grep "libc."
libc.so.6 => /lib64/libc.so.6 (0x00007fc3f9e0e000)
https://isc.sans.edu/forums/diary/New+C ... OST/19237/
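The two ldd checks in the post above, extended to every ELF executable under an install tree so that statically linked or privately bundled libc copies stand out (this goes beyond the two binaries shown). This is an added example, not code from the thread or from Zimbra; the function names, the script name and the sample ldd lines other than the nginx one are constructed.

```shell
#!/bin/sh
# Added example: classify how each ELF binary under a tree gets its libc.
# Only run ldd on binaries you trust; it can invoke the program's loader.

# Classify ldd output for ONE binary: system | bundled | missing | static | no-libc
classify_libc_linkage() {
    libc_line=$(printf '%s\n' "$1" |
        grep -E '(^|[[:space:]])libc\.so\.[0-9]+ =>' | head -n 1) || true
    if [ -z "$libc_line" ]; then
        case "$1" in
            *"not a dynamic executable"*|*"statically linked"*) echo static ;;
            *) echo no-libc ;;
        esac
        return 0
    fi
    libc_path=$(printf '%s\n' "$libc_line" | sed -E 's/.*=> ([^ ]+).*/\1/')
    case "$libc_path" in
        not) echo missing ;;      # "libc.so.6 => not found"
        /lib/*|/lib64/*|/usr/lib/*|/usr/lib64/*) echo system ;;
        *) echo bundled ;;        # private copy: a host update will not replace it
    esac
}

# True if the file starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# Print "<class><TAB><path>" for every owner-executable ELF file under $1.
scan_tree() {
    find "$1" -type f -perm -100 2>/dev/null | while IFS= read -r f; do
        is_elf "$f" || continue
        printf '%s\t%s\n' "$(classify_libc_linkage "$(ldd "$f" 2>&1)")" "$f"
    done
}

# Constructed ldd outputs; the libc line in the first mirrors the nginx result in the post.
SAMPLE_SYSTEM=$(printf '\tlibcrypt.so.1 => /lib64/libcrypt.so.1 (0x0)\n\tlibc.so.6 => /lib64/libc.so.6 (0x00007f12deda2000)')
SAMPLE_BUNDLED=$(printf '\tlibc.so.6 => /opt/example/lib/libc.so.6 (0x0)')
SAMPLE_STATIC=$(printf '\tnot a dynamic executable')

# Usage: sh check_libc.sh /opt/zimbra
if [ "$#" -gt 0 ]; then scan_tree "$1"; fi
```

Anything reported as static or bundled carries its own copy of the library code and is not fixed by updating the host's glibc package.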
- cayaraa
- Outstanding Member
- Posts: 341
- Joined: Sat Sep 13, 2014 12:33 am
- ZCS/ZD Version: ZCS 8 NE & ZCS 8 FOSS
Sounds like it might not be as commonly exploitable as the first stuff I was reading led me to believe:
"Here is a list of potential targets that we investigated (they all call
gethostbyname, one way or another), but to the best of our knowledge,
the buffer overflow cannot be triggered in any of them:
apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,
vsftpd, xinetd."
http://www.openwall.com/lists/oss-secur ... 5/01/27/18
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Hi cayaraa,
It is a critical issue and we need to update the OS to be sure that you are not vulnerable for other applications.
Best regards
-
- Advanced member
- Posts: 59
- Joined: Sat Sep 13, 2014 2:09 am
- Location: Overland Park, KS USA
- ZCS/ZD Version: Release 8.6.0.GA.1153.UBUNTU12.64 U
Thank you for the information, but I do have a question regarding the update. Ubuntu recommends using the following commands:
sudo apt-get clean
sudo apt-get update
sudo apt-get dist-upgrade
Will this be safe to run on Ubuntu linux servers, as far as not "disturbing" the Zimbra installation?
Thank you for your time!
Mark
________________________
Network Administrator
Overland Park, KS, USA
Release 8.6.0.GA.1153.UBUNTU12.64 UBUNTU12_64 NETWORK edition, Patch 8.6.0_P6.
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Hi mhlevy,
If you run a dist-upgrade you will upgrade all of Ubuntu to the next version. You need to run the following steps:
sudo apt-get clean
sudo apt-get update
sudo apt-get upgrade
Remember to take a backup or snapshot beforehand.
Best regards
-
- Advanced member
- Posts: 59
- Joined: Sat Sep 13, 2014 2:09 am
- Location: Overland Park, KS USA
- ZCS/ZD Version: Release 8.6.0.GA.1153.UBUNTU12.64 U
Thanks very much. That could have been a disaster, and thankfully, we are running the Ubuntu servers on VMware, so snapshots will be taken beforehand.
________________________
Network Administrator
Overland Park, KS, USA
Release 8.6.0.GA.1153.UBUNTU12.64 UBUNTU12_64 NETWORK edition, Patch 8.6.0_P6.
-
- Posts: 48
- Joined: Sat Sep 13, 2014 2:37 am
Hi All,
Can we do an "apt-get install --only-upgrade libc-bin libc-dev-bin libc6 libc6-dev" or "apt-get upgrade" then the "apt-get dist-upgrade"?
Regards.
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Hi Paladinemishakal,
With an apt-get update and apt-get upgrade you need to be on the proper version of the libc packages. Don't do a dist-upgrade; you will upgrade your entire Ubuntu to the next version, 10 to 12, 12 to 14.
Best regards
- dbayer
- Advanced member
- Posts: 84
- Joined: Thu Oct 09, 2014 9:10 am
- Location: Maine
- ZCS/ZD Version: Zimbra 10.0.5
Just to be perfectly clear. We should run ONLY
sudo apt-get clean
sudo apt-get update
sudo apt-get upgrade
and nothing else, correct?
In addition, it appears that 14.04 and beyond are NOT affected by this vulnerability
http://www.ubuntu.com/usn/usn-2485-1/
Thanks,
Daniel
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Yes,
Try these commands, and check whether your affected packages are fixed after running them; it should work.
Best regards
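A follow-up check for the "check if your affected packages are fixed" step: upgrading the package replaces libc on disk, but processes started before the upgrade keep the old copy mapped until they are restarted. This is an added example, not code from the thread or from Zimbra; the function names, the script name and the sample /proc maps lines are constructed.

```shell
#!/bin/sh
# Added example: after the glibc package upgrade, find processes that still
# have the old, now-deleted libc mapped and therefore need a restart.

# Succeeds if the given /proc/<pid>/maps text maps a libc file marked "(deleted)".
# Matches both naming styles: libc-2.15.so and libc.so.6.
maps_has_stale_libc() {
    printf '%s\n' "$1" |
        grep -Eq '/libc(-[0-9.]+\.so|\.so\.[0-9]+) \(deleted\)$'
}

# Print "<pid><TAB><command line>" for each process with a stale libc mapping.
# Run as root; other users' maps files are not readable otherwise.
list_stale_pids() {
    for m in /proc/[0-9]*/maps; do
        [ -r "$m" ] || continue
        if maps_has_stale_libc "$(cat "$m" 2>/dev/null)"; then
            pid=${m#/proc/}; pid=${pid%/maps}
            printf '%s\t%s\n' "$pid" \
                "$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
        fi
    done
}

# Constructed maps lines (addresses, inode numbers and library version are made up).
SAMPLE_STALE='7f12deda2000-7f12def56000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libc-2.15.so (deleted)'
SAMPLE_FRESH='7fc3f9e0e000-7fc3f9fc2000 r-xp 00000000 08:01 1420 /lib/x86_64-linux-gnu/libc-2.15.so'
SAMPLE_OTHER='7f00aa000000-7f00aa020000 r-xp 00000000 08:01 1500 /lib/x86_64-linux-gnu/libcrypt-2.15.so (deleted)'

# Usage: sudo sh stale_libc.sh --scan
if [ "${1:-}" = "--scan" ]; then list_stale_pids; fi
```

An empty result after restarting the mail services (or rebooting) means no running process is still using the pre-upgrade library.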