suse – Page 5

update for patch CVE-2015-0235

for details about CVE-2015-0235
Vulnerability Summary for CVE-2015-0235
How To Patch and Protect Linux Server Against the Glibc GHOST Vulnerability # CVE-2015-0235
Qualys Security Advisory CVE-2015-0235
Currently Redhat, CentOS, OracleLinux already have fix on this patch.

Please run.:

#yum update glibc
Dependencies Resolved

================================================================================
 Package              Arch          Version                Repository      Size
================================================================================
Updating:
 glibc                i686          2.17-55.el7_0.5        updates        4.2 M
 glibc                x86_64        2.17-55.el7_0.5        updates        3.6 M
Updating for dependencies:
 glibc-common         x86_64        2.17-55.el7_0.5        updates         11 M
 glibc-devel          x86_64        2.17-55.el7_0.5        updates        1.0 M
 glibc-headers        x86_64        2.17-55.el7_0.5        updates        651 k

Transaction Summary
================================================================================
Upgrade  2 Packages (+3 Dependent packages)

Total download size: 21 M
Is this ok [y/d/N]:

#yum update glibc

Dependencies Resolved

================================================================================

Package Arch Version Repository Size

================================================================================

Updating:

glibc i686 2.17-55.el7_0.5 updates 4.2 M

glibc x86_64 2.17-55.el7_0.5 updates 3.6 M

Updating for dependencies:

glibc-common x86_64 2.17-55.el7_0.5 updates 11 M

glibc-devel x86_64 2.17-55.el7_0.5 updates 1.0 M

glibc-headers x86_64 2.17-55.el7_0.5 updates 651 k

Transaction Summary

================================================================================

Upgrade 2 Packages (+3 Dependent packages)

Total download size: 21 M

Is this ok [y/d/N]:

To Fix.

After the fix:

[suse@t430z tmp]$ bash GHOST-test.sh.txt
Vulnerable glibc version &lt;= 2.17-54
Vulnerable glibc version &lt;= 2.5-122
Vulnerable glibc version &lt;= 2.12-1.148
Detected glibc version 2.17 revision 55
Not Vulnerable.

[suse@t430z tmp]$ bash GHOST-test.sh.txt

Vulnerable glibc version <= 2.17-54

Vulnerable glibc version <= 2.5-122

Vulnerable glibc version <= 2.12-1.148

Detected glibc version 2.17 revision 55

Not Vulnerable.

References:
Redhat: Bug 1183461 – (CVE-2015-0235) CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow
Security Advisory Critical: glibc security update

CentOS: CentOS 7 – CVE-2015-0235

OracleLinux: [El-errata] ELSA-2015-0092 Critical: Oracle Linux 6 glibc security update

PHP Fatal error: Call to undefined function add_filter()

I found this error mesg on wordpress log.

After check files. it should be fixed like this:
https://wordpress.org/support/topic/fatal-error-call-to-undefined-function-add_filter

Warning: The VM will try to fix the stack guard now.

Running Solaris Studio on EL7/ JDK8.

$ solstudio 
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=64m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=400m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /opt/oracle/solarisstudio12.4/lib/solstudio/solstudio/modules/ext/lib/Linux-amd64/libbase.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It's highly recommended that you fix the library with 'execstack -c &lt;libfile&gt;', or link it with '-z noexecstack'.

$ solstudio

Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=64m; support was removed in 8.0

Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=400m; support was removed in 8.0

Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /opt/oracle/solarisstudio12.4/lib/solstudio/solstudio/modules/ext/lib/Linux-amd64/libbase.so which might have disabled stack guard. The VM will try to fix the stack guard now.

It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'.

to fix the warning:

# yum install /usr/bin/execstack
# execstack -c /opt/oracle/solarisstudio12.4/lib/solstudio/solstudio/modules/ext/lib/Linux-amd64/libbase.so

1 2	# yum install /usr/bin/execstack # execstack -c /opt/oracle/solarisstudio12.4/lib/solstudio/solstudio/modules/ext/lib/Linux-amd64/libbase.so

/usr/libexec/urlgrabber-ext-down report KeyboardInterrupt

It’s a weird issue:

EL7, yum update abort.

[root@t430z suse]# yum install screen
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.vastspace.net
 * epel: mirror01.idc.hinet.net
 * extras: mirror.vastspace.net
 * updates: mirror.vastspace.net
Traceback (most recent call last):                               55% [=============================-                        ]  49 kB/s | 2.1 MB  00:00:35 ETA 
  File "/usr/libexec/urlgrabber-ext-down", line 75, in &lt;module&gt;
    main()
  File "/usr/libexec/urlgrabber-ext-down", line 61, in main
    fo = PyCurlFileObject(opts.url, opts.filename, opts)         55% [=============================-                        ]  42 kB/s | 2.1 MB  00:00:42 ETA 
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1258, in __init__
    self._do_open()
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1589, in _do_open
    self._do_grab()
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1723, in _do_grab
    self._do_perform()
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1517, in _do_perform
    raise KeyboardInterrupt
KeyboardInterrupt

[root@t430z suse]# yum install screen

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* base: mirror.vastspace.net

* epel: mirror01.idc.hinet.net

* extras: mirror.vastspace.net

* updates: mirror.vastspace.net

Traceback (most recent call last): 55% [=============================- ] 49 kB/s | 2.1 MB 00:00:35 ETA

File "/usr/libexec/urlgrabber-ext-down", line 75, in <module>

main()

File "/usr/libexec/urlgrabber-ext-down", line 61, in main

fo = PyCurlFileObject(opts.url, opts.filename, opts) 55% [=============================- ] 42 kB/s | 2.1 MB 00:00:42 ETA

File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1258, in __init__

self._do_open()

File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1589, in _do_open

self._do_grab()

File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1723, in _do_grab

self._do_perform()

File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1517, in _do_perform

raise KeyboardInterrupt

KeyboardInterrupt

checked, it should be :
Bug 1099101 – 7.0 RC Regression: urlgrabber terminates yum upon connection interruption thinking it’s been aborted
Bug 1091740 – yum stack-traces and interrups

Waiting for a fix on: python-urlgrabber-3.10-5.el7

Don’t update nss-softokn-freebl-3.14.3-19.el6_6.x86_64

On my repo. after #yum update.

new kernel cannot get reboot because of initramfs failed to generate.

        @ Non-fatal POSTTRANS scriptlet failure in rpm package
        @ kernel......
        @ E: Failed to install /usr/lib64/libfreebl3.chk
        @ mkinitrd failed
        @ warning: %posttrans(kernel......x86_64) scriptlet
        @ failed, exit status 1

@ Non-fatal POSTTRANS scriptlet failure in rpm package

@ kernel......

@ E: Failed to install /usr/lib64/libfreebl3.chk

@ mkinitrd failed

@ warning: %posttrans(kernel......x86_64) scriptlet

@ failed, exit status 1

If this time reboot the os, kernel will fail anyway.

because /usr/lib64/libfreebl3.chk is not yet provided in new kernel.

Temp fix is to use old version nss-softokn-freebl for now.

workaround:

1) manually download RPMs from uln:

 nss-softokn-3.14.3-18.el6_6.i686.rpm
 nss-softokn-3.14.3-18.el6_6.x86_64.rpm
 nss-softokn-freebl-3.14.3-18.el6_6.i686.rpm
 nss-softokn-freebl-3.14.3-18.el6_6.x86_64.rpm

 unpack:

 for i in nss*rpm
 do
   rpm2cpio ${i} |cpio  -idmv
 done


2) check current packages:

nss-softokn-freebl-3.14.3-19.el6_6.i686
nss-softokn-3.14.3-19.el6_6.x86_64
nss-softokn-3.14.3-19.el6_6.i686
nss-softokn-freebl-3.14.3-19.el6_6.x86_64

delete these files by force:

# rpm -qa| grep softokn|xargs rpm -e --nodeps


3) copy all files generate in step 1) to orig. # as rpm cmd will fail.


4) as we already have those dependency files. re-run rpm inst
   install nss-softokn-freebl-3.14.3-18*
   # rpm -ivh nss* --force --nodeps --nosignature

5) after this step, to ensure the changes.
   reinstall the 2 packs, which will refresh the local db.
   # yum reinstall nss-softokn-freebl   nss-softokn
   # yum reinstall kernel-2.6.32-504.3.3.el6.x86_64

6) Don't run #yum update for now before a fix.
    or , add these packages into exclude list:
   #vi  /etc/yum.conf
   exclude=nss-softokn*

workaround:

1) manually download RPMs from uln:

nss-softokn-3.14.3-18.el6_6.i686.rpm

nss-softokn-3.14.3-18.el6_6.x86_64.rpm

nss-softokn-freebl-3.14.3-18.el6_6.i686.rpm

nss-softokn-freebl-3.14.3-18.el6_6.x86_64.rpm

unpack:

for i in nss*rpm

rpm2cpio ${i} |cpio -idmv

done

2) check current packages:

nss-softokn-freebl-3.14.3-19.el6_6.i686

nss-softokn-3.14.3-19.el6_6.x86_64

nss-softokn-3.14.3-19.el6_6.i686

nss-softokn-freebl-3.14.3-19.el6_6.x86_64

delete these files by force:

# rpm -qa| grep softokn|xargs rpm -e --nodeps

3) copy all files generate in step 1) to orig. # as rpm cmd will fail.

4) as we already have those dependency files. re-run rpm inst

install nss-softokn-freebl-3.14.3-18*

# rpm -ivh nss* --force --nodeps --nosignature

5) after this step, to ensure the changes.

reinstall the 2 packs, which will refresh the local db.

# yum reinstall nss-softokn-freebl nss-softokn

# yum reinstall kernel-2.6.32-504.3.3.el6.x86_64

6) Don't run #yum update for now before a fix.

or , add these packages into exclude list:

#vi /etc/yum.conf

exclude=nss-softokn*

update: Mon Jan 19 14:23:26 CST 2015

I filed oracle bug#20369394, CentOS bug#0008083

For upStream bug#
Bug 1182297 – nss-softokn prevents dracut from building the initrd

Waiting for a fix in

nss-softokn-freebl-3.14.3-20

1	nss-softokn-freebl-3.14.3-20

=======================================================

update: Fri Jan 30 17:07:57 CST 2015

Bug Fix Advisory nss-softokn bug fix update

Bug is now fixed in : nss-softokn-freebl-3.14.3-22.el6_6.x86_64.rpm

Also oracle has new el-errata
[El-errata] ELBA-2015-0110 Oracle Linux 6 nss-softokn bug fix update