Fix GHOST: glibc vulnerability CVE-2015-0235

Red Hat Product Security released on January 27, 2015 details about a critical vulnerability that affects glibc and which is known as GHOST. This vulnerability was assigned CVE-2015-0235 and is a buffer overflow bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library – hence the name GetHOST.

Fortunately the fix is easy it just involves running a yum update on the system. For CentOS, RHEL or Fedora we can check the RPM version installed using:

rpm -q glibc

In order to fix this glibc vulnerability you’ll need to simply:

yum update glibc

and reboot the system. If it’s not possible to reboot the system we can also restart all the services that use glibc. In order to determine which services need to be restarted we can run this command:

lsof +c 15 | grep libc- | awk '{print $1}' | sort -u

The output should be something similar to this:

[root@CentOS ~]# lsof +c 15 | grep libc- | awk '{print $1}' | sort -u
agetty
auditd
avahi-daemon
awk
bash
crond
dbus-daemon
gdbus
gmain
grep
in:imjournal
iprdump
iprinit
iprupdate
JS
lsof
master
mysqld
mysqld_safe
NetworkManager
nginx
php-fpm
pickup
polkitd
qmgr
rs:main
rsyslogd
runaway-killer-
sort
sshd
systemd
systemd-journal
systemd-logind
systemd-udevd
tuned

We can restart the public facing services to temporary fix this for certain services but the best way to go would be by rebooting the machine.

Once that’s done we can check again the version and make sure we’re safe:

[root@CentOS ~]# rpm -qa | grep glibc
glibc-2.17-55.el7_0.5.x86_64
glibc-common-2.17-55.el7_0.5.x86_64

https://access.redhat.com – CVE-2015-0235