Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Ghost vulnerability : where to get RPMs for RHES 5.x & 6.x

Posted on 2015-02-04
5
Medium Priority
?
367 Views
Last Modified: 2015-02-12
https://rhn.redhat.com/errata/RHSA-2015-0090.html

Q1:
Link above only give the RPMs below but they're greyed out & I can't download.
I hv login to our RHN subscription account, so what did I miss?

Q2:
Can give me the link to get the RPMs for RHES 6.x to patch this GHOST/GetHost vulnerability?

Q3:
Note that I can't do "yum" as our servers are not allowed to connect out to Internet.
Can someone provide me the exact steps to do stop any specific services, do "rpm -e ... ?"
followed by "rpm -ivf ...new rpm" to patch this?  Any reboot needed?

glibc-2.5-123.el5_11.1.i686.rpm          MD5: d76cd3e0c73b9c6043bb81334364d94b
SHA-256: 76a68f01dc916b2fb997842292e6ab143373ef39e81b6121852f95a01090c059
glibc-2.5-123.el5_11.1.x86_64.rpm          MD5: 0afaf382ce8f424b8868e39e1f6521b5
SHA-256: fbb779da0c1b42c69dc7e3d1094aaf8e17bbbcd09eb9b1531369506e4f303eb6
glibc-common-2.5-123.el5_11.1.x86_64.rpm          MD5: 493bf12eb45786f27168e69c4f095164
SHA-256: 87aec51ae18e41661479b356a94130db9033aaf3f49307d479a9a50158b116f4
glibc-debuginfo-2.5-123.el5_11.1.i386.rpm          MD5: 9c3ac38c097769bde4d6a3c57d939cb9
SHA-256: bbaa7a93e5d6c1ab29ee181b50c52676001eff3b332032fd4951f990eff25fd9
glibc-debuginfo-2.5-123.el5_11.1.i686.rpm          MD5: c6a951d724d902f22aa87fff2a06c114
SHA-256: 34a5ea91f29d2c1d1e47515c1f7da2ce0553d4d6584b118d93cc17a55912f059
glibc-debuginfo-2.5-123.el5_11.1.x86_64.rpm          MD5: c2fba42b8a4304a2392457489d7ac5c1
SHA-256: a1fcab0523bca79f6b1c9ce2499b680fe7e56a6b4ada7ac884f19438b2e32bfb
glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm          MD5: 06ab2b72df65e2de6a638d642011d7f0
SHA-256: 24f2d93ee8c5daa4d6eea67851713a4b72f08ee03cdf0c95ccbcc89f2e899b8a
glibc-devel-2.5-123.el5_11.1.i386.rpm          MD5: 9d1e5e7eea3c08911d0a6e8d71967d86
SHA-256: 358207d50ef441a3b5d7553427339838765ee05a2e0f551a7fc374705d1d8be5
glibc-devel-2.5-123.el5_11.1.x86_64.rpm          MD5: f3f9355c4e27c3c64bf264ccaabe05ab
SHA-256: 93dc0064e8f874e87e497fb27f723e1823375ef4ef1db23c083ca7042c3557c7
glibc-headers-2.5-123.el5_11.1.x86_64.rpm          MD5: 870df2d22ef30c7fd9dfb82cd12d90ae
SHA-256: f9a0fb9d408c9acad9fe52c5ebd749143378576e802395c1cb469c7912f06764
glibc-utils-2.5-123.el5_11.1.x86_64.rpm          MD5: fdb3c3178e3ac436b3a8fd452fe1c65a
SHA-256: a8b0f1bb7c8f1e1087e13fb0608b6ba026f8aa6e796c12b1d7f5411a96105dd0
nscd-2.5-123.el5_11.1.x86_64.rpm          MD5: 83ec2f42af134141184a295e4e85b59e
SHA-256: 376945dc125372bf9f21f561445c389adcbada7cfde2007a842d51793510189b
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 1400 total points
ID: 40588694
Link above only give the RPMs below but they're greyed out & I can't download.

it is only a list of the package names; they're not links

Can give me the link to get the RPMs for RHES 6.x to patch this GHOST/GetHost vulnerability?

RHEL 6 is not listed in the affected products list
there is no direct download link

Can someone provide me the exact steps to do stop any specific services, do "rpm -e ... ?"

don't need to stop anything
login to your account then go here ->  https://rhn.redhat.com/rhn/channels/software/Search.do
you will need to search for the package name (glibc/nscd) for whatever architecture you have
put the files on a usb drive and bring to those systems, mount it, then upgrade the files
rpm -Uhv filename.rpm
should specify all the files in one command because of dependencies
0
 

Author Comment

by:sunhux
ID: 40593063
To avoid dependencies, shd I issue:
rpm --nodeps -Uhv 1.rpm 2.rpm 3.rpm ...
ie a few rpms at one go on a single line?

is there a comma between the rpms?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 600 total points
ID: 40597157
Given you are connected to RHN:
"yum upgrade glibc"
RHEL6 is not listed because RHEL6 and 7 are listed in different RHSA...
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40606076
@gheist
the author stated the systems do not have internet access
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 600 total points
ID: 40606439
Then he must select his patches on his satellite server or satellite proxy server.
Other legal ways include converting to centos or oracle linux on the spot.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question