As every self-respecting sysadmin should have heard by now, this week some security company named Qualys announced a very serious bug in the gethostby* functions of glibc. Although at first it seems very serious (the Exim remote exploit), there are counter-voices arguing that it’s not a ‘highly critical’ bug.
Whatever they’re saying, I for one don’t feel safe with such a gaping security hole on the systems I maintain. Obviously the upgrades are now in place and I feel a lot safer now 😉
For various reasons (mainly time shortages) I still maintain some Debian etch and lenny boxes. As those distros were marked end-of-life ages ago, no security updates are published for them anymore. I still needed to get those boxes safe, so I’ve backported the patch to the i386 and x86-64 versions of both etch and lenny.
Also, to ease the upgrade process, I’ve cobbled together a script that performs the upgrade for you. With one command you can do the upgrade yourself:
wget -qO - http://www.localhost.nl/ghost/upgrade_libc.sh | bash
The script checks your Debian version and downloads the appropriate vulnerability check, compiled specifically for that distro and architecture. If the libc version is not vulnerable, no action is taken. Otherwise, depending on the distribution version, libc is upgraded either from the regular Debian apt repo (squeeze or wheezy) or from the version I compiled myself (etch or lenny).
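The per-distro vulnerability check the script fetches is a compiled binary; the logic such a check runs is shown here as an added example (not the author's script, and not the binary it downloads): it uses the canary-after-buffer technique from the public GHOST advisory to see whether the running glibc overruns a gethostbyname_r() buffer. It assumes a glibc-based Linux system and is compiled with gcc.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

/* Reentrancy buffer for gethostbyname_r(), immediately followed by a canary.
 * A vulnerable glibc under-counts the space the "digits and dots" path needs
 * and writes past buffer[] into canary[]; a fixed glibc notices the shortfall,
 * fails with ERANGE and leaves the canary untouched. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

/* Returns 1 if the running libc is vulnerable (canary clobbered), 0 if not. */
int ghost_vulnerable(void)
{
    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;
    char name[sizeof(temp.buffer)];

    /* Name length chosen so the buggy size calculation (host_addr +
     * h_addr_ptrs + name) fits the buffer exactly, while the correct one
     * (which also counts one alias pointer) overruns it by sizeof(char *). */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    memset(name, '0', len);          /* all digits: selects the numeric fast path */
    name[len] = '\0';
    memcpy(temp.canary, CANARY, sizeof(CANARY)); /* reset for repeated calls */
    int rc = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer),
                             &result, &herrno);

    if (memcmp(temp.canary, CANARY, sizeof(CANARY)) != 0)
        return 1;
    if (rc != ERANGE)   /* ERANGE is expected on a fixed glibc; anything else is odd */
        fprintf(stderr, "unexpected gethostbyname_r() result: %d\n", rc);
    return 0;
}

int main(void)
{
    puts(ghost_vulnerable() ? "vulnerable" : "not vulnerable");
    return 0;
}
```

A patched glibc prints "not vulnerable"; an unpatched one prints "vulnerable" because the canary bytes after the buffer were overwritten.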
Obviously you need to decide for yourself whether you find me trustworthy enough to install these upgrades. I’m really no evil h4x0r, so be my guest 🙂
Here’s the script source: