Posted: Thu, 29 Jan 2015 05:23 AM UTC
Last Update: Mon, 9 Feb 2015 01:05 AM UTC (102 weeks ago)
RimuHosting autopatch/deghost updates
@UTC Wed 4 Feb 0619:
We have created a 'deghost' script (http://github.com/pbkwee/deghost) to update the glibc packages.
Its key function is to tidy up apt and yum repositories if they are out of date, and to yum/apt install the libc library. It typically works great on Squeeze, Wheezy, Canonical-supported Ubuntus, and CentOS 5+.
We are running this on customer servers. When that completes you will be able to see the results at http://rimuhosting.com/cp/serverpatchstate.jsp
To opt out of the auto patch, please reply to the email we sent. If you have already patched the server, please do not reply to that email unless you do not wish us to touch your server (since the deghost script would not do anything if your server is already patched).
Even after the library is patched, servers need to be restarted (so that running programs using the old libc can be reloaded with the new libc). You can do that for a VM at http://rimuhosting.com/cp/vps/restart.jsp
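To see which running programs are still using the old libc before you restart, the following added example (not part of the deghost script or any RimuHosting tooling) lists processes whose /proc/<pid>/maps still references a libc file that has been replaced on disk. The function name stale_libc_pids and its optional proc-root argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: find processes still running on a libc that was replaced on disk.
# When a package upgrade replaces a mapped library, the kernel appends
# " (deleted)" to that mapping in /proc/<pid>/maps until the process restarts.
# Constructed sample of a matching line:
#   7f3a1c000000-7f3a1c1a0000 r-xp 00000000 08:01 1234 /lib64/libc-2.12.so (deleted)

# stale_libc_pids [PROC_ROOT]   (hypothetical helper name; PROC_ROOT defaults to /proc)
# Prints "PID NAME" for every process with a deleted libc mapping.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Matches libc-2.x.so and libc.so.6, but not libcrypto, libcap, etc.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            pid="${dir##*/}"
            name="$(cat "$dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Run as root so every process's maps file is readable.
stale_libc_pids /proc
```

Any process listed still needs a restart to pick up the patched library.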
Please subscribe to this notice to receive updates.
GHOST glibc vulnerability
There is a vulnerability in most versions of the ubiquitous glibc library (which is used by most server binaries: sshd, mysql, ntp, apache, etc.).
Patching the vulnerability
For modern, supported Debian and Ubuntu distros you can simply run apt-get update; apt-get install libc6
On CentOS distros you can run yum install glibc.
This should work fine on CentOS 7, CentOS 6, CentOS 5 and Debian 7, and on Debian 6 if you are using the LTS repositories.
Ubuntu 14.04 is not affected. Supported Ubuntus per http://en.wikipedia.org/wiki/List_of_Ubuntu_releases#Table_of_versions should also have an update.
You can manually run our deghost script by SSH-ing into your server (as root). Then running:
If you are running an unsupported Ubuntu distro or Debian Lenny (also unsupported), you can use the bash deghost.sh --break-eggs option to attempt to do a dist-upgrade to a stable version.