Solved

Ghost vulnerability: where to get RPMs for RHES 5.x & 6.x

Posted on 2015-02-04
Last Modified: 2015-02-12
https://rhn.redhat.com/errata/RHSA-2015-0090.html

Q1:
The link above only gives the RPMs below, but they're greyed out & I can't download them.
I have logged in to our RHN subscription account, so what did I miss?

Q2:
Can someone give me the link to get the RPMs for RHES 6.x to patch this GHOST/GetHost vulnerability?

Q3:
Note that I can't do "yum" as our servers are not allowed to connect out to the Internet.
Can someone provide me the exact steps to stop any specific services, do "rpm -e ... ?"
followed by "rpm -ivf ...new rpm" to patch this? Is any reboot needed?

Question by:sunhux
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 350 total points
> Link above only give the RPMs below but they're greyed out & I can't download.

It is only a list of the package names; they're not links.

> Can give me the link to get the RPMs for RHES 6.x to patch this GHOST/GetHost vulnerability?

RHEL 6 is not listed in the affected products list.
There is no direct download link.

> Can someone provide me the exact steps to do stop any specific services, do "rpm -e ... ?"

You don't need to stop anything.
Log in to your account, then go here -> https://rhn.redhat.com/rhn/channels/software/Search.do
You will need to search for the package name (glibc/nscd) for whatever architecture you have.
Put the files on a USB drive and bring it to those systems, mount it, then upgrade the files:
rpm -Uhv filename.rpm
You should specify all the files in one command because of dependencies.
0
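The offline procedure from the accepted answer (download, carry over on removable media, upgrade in one command), as an added shell example that is not part of the thread. The function names, paths and manifest file are assumptions; the manifest is expected to hold SHA-256 values copied from the vendor errata page.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, paths and the manifest
# file are assumptions; the manifest uses sha256sum format
# ("<sha256>  <file>") with values copied from the vendor errata page.

# verify_rpms DIR MANIFEST: fail unless every .rpm in DIR is listed in
# MANIFEST and hashes to the listed value (catches corrupt or swapped files
# on the transfer media). `rpm -K file.rpm` additionally checks signatures.
verify_rpms() {
    dir=$1; manifest=$2
    [ -d "$dir" ] && [ -r "$manifest" ] || return 2
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || return 2                      # no RPMs present
        name=$(basename "$f")
        want=$(awk -v n="$name" '$2 == n { print $1 }' "$manifest")
        [ -n "$want" ] || { echo "not in manifest: $name" >&2; return 1; }
        got=$(sha256sum "$f" | awk '{ print $1 }')
        [ "$got" = "$want" ] || { echo "MISMATCH: $name" >&2; return 1; }
    done
}

# upgrade_cmd DIR: print one rpm invocation naming every package, separated
# by spaces, so rpm resolves dependencies between them in one transaction.
upgrade_cmd() {
    printf 'rpm -Uhv'
    for f in "$1"/*.rpm; do printf ' %s' "$f"; done
    printf '\n'
}

# stale_libc_pids [PROCDIR]: PIDs still mapping a libc file that has been
# replaced on disk; they keep running the old code until restarted.
stale_libc_pids() {
    for m in "${1:-/proc}"/[0-9]*/maps; do
        [ -r "$m" ] || continue
        if grep -q '/libc-[0-9.]*\.so.*(deleted)' "$m" 2>/dev/null; then
            basename "$(dirname "$m")"
        fi
    done
}

# Usage: sh offline_glibc.sh /mnt/usb/rpms /mnt/usb/SHA256SUMS
if [ $# -eq 2 ]; then
    verify_rpms "$1" "$2" && upgrade_cmd "$1"
fi
```

After the upgrade, any PID printed by `stale_libc_pids` belongs to a process that loaded the old library and needs a restart (or the host a reboot) before it runs the patched code.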
 

Author Comment

by:sunhux
To avoid dependencies, should I issue:
rpm --nodeps -Uhv 1.rpm 2.rpm 3.rpm ...
i.e. a few RPMs at one go on a single line?

Is there a comma between the RPMs?
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 150 total points
Given you are connected to RHN:
"yum upgrade glibc"
RHEL6 is not listed because RHEL6 and 7 are listed in different RHSA...
0
 
LVL 34

Expert Comment

by:Seth Simmons
@gheist
The author stated the systems do not have Internet access.
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 150 total points
Then he must select his patches on his Satellite server or Satellite proxy server.
Other legal ways include converting to CentOS or Oracle Linux on the spot.
0
