Hello Guys,
Recently, I have installed some custom packages of glibc on servers I manage due to vulnerabilities. At that time, official CentOS packages were not available. Now, I want to roll back to the CentOS versions.
=====================================
-bash-3.2# yum info glibc
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: yum.singlehop.com
 * base: yum.singlehop.com
 * extras: mirrors.netdna.com
 * rpmforge: apt.sw.be
 * updates: yum.singlehop.com
Installed Packages
Name       : glibc
Arch       : i386
Version    : 2.5
Release    : 49.1
Size       : 22 M
Repo       : installed
Summary    : The GNU libc libraries.
License    : LGPL
Description: The glibc package contains standard libraries which are used by
           : multiple programs on the system. In order to save disk space and
           : memory, as well as to make upgrading easier, common system code is
           : kept in one place and shared between programs. This particular package
           : contains the most important sets of shared libraries: the standard C
           : library and the standard math library. Without these two libraries, a
           : Linux system will not function.

Name       : glibc
Arch       : x86_64
Version    : 2.5
Release    : 49.1
Size       : 26 M
Repo       : installed
Summary    : The GNU libc libraries.
License    : LGPL
Description: The glibc package contains standard libraries which are used by
           : multiple programs on the system. In order to save disk space and
           : memory, as well as to make upgrading easier, common system code is
           : kept in one place and shared between programs. This particular package
           : contains the most important sets of shared libraries: the standard C
           : library and the standard math library. Without these two libraries, a
           : Linux system will not function.

Available Packages
Name       : glibc
Arch       : i686
Version    : 2.5
Release    : 49.el5_5.6
Size       : 5.3 M
Repo       : updates
Summary    : The GNU libc libraries.
License    : LGPL
Description: The glibc package contains standard libraries which are used by
           : multiple programs on the system. In order to save disk space and
           : memory, as well as to make upgrading easier, common system code is
           : kept in one place and shared between programs. This particular package
           : contains the most important sets of shared libraries: the standard C
           : library and the standard math library. Without these two libraries, a
           : Linux system will not function.
=====================================
I tried a lot of options. "yum downgrade" is attempting to remove a lot of packages, which I can't afford. "yum install" is hitting dependency errors.
Is there a way out? Thanks in advance for any help/advice anyone could offer.
-- Regards, Sherin
Well... I found a solution myself.
Here is the solution I found, in case anyone else is in my situation.
Download the CentOS RPMs and install them as given below.
===========================================
rpm -Uvh glibc-2.5-49.el5_5.6.i386.rpm glibc-2.5-49.el5_5.6.x86_64.rpm glibc-common-2.5-49.el5_5.6.x86_64.rpm --replacefiles --oldpackage
===========================================
-- Thanks, Sherin
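A way to confirm that a forced rollback like the one above left every glibc package and architecture on the same release, added here as an example and not part of the original post. The function name `check_glibc_rollback`, the query format and the sample lines are assumptions made for illustration.

```bash
#!/bin/bash
# Constructed sample: what
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' glibc glibc-common
# could print on a multilib host where only part of the rollback was applied
# (the x86_64 glibc is still the custom 2.5-49.1 build).
SAMPLE='glibc 2.5-49.el5_5.6 i386
glibc 2.5-49.1 x86_64
glibc-common 2.5-49.el5_5.6 x86_64'

# check_glibc_rollback EXPECTED_VERSION_RELEASE   (hypothetical helper)
# Reads "name version-release arch" lines on stdin and prints one MISMATCH
# line for every package that is not at the expected version-release.
# Exit status: 0 = all match, 1 = at least one mismatch, 2 = no input lines.
check_glibc_rollback() {
    awk -v want="$1" '
        NF == 3 {
            seen++
            if ($2 != want) {
                printf "MISMATCH %s.%s has %s, expected %s\n", $1, $3, $2, want
                bad++
            }
        }
        END {
            if (seen == 0) { print "NO PACKAGES REPORTED"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Demo on the constructed sample; on a real host, pipe the rpm query in instead.
printf '%s\n' "$SAMPLE" | check_glibc_rollback "2.5-49.el5_5.6" \
    || echo "rollback incomplete: mixed glibc releases installed"
```

Because `--replacefiles` overwrites files owned by other packages, running `rpm -V glibc glibc-common` afterwards shows whether the files on disk match what the package database records.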
On Monday 25 October 2010, Sherin George wrote:
> Hello Guys,
> Recently, I have installed some custom packages of glibc on servers I manage due to vulnerabilities. At that time, official CentOS packages were not available. Now, I want to roll back to the CentOS versions.
Do note that this new (and probably your custom built) glibc is vulnerable to a new trivial local root (so you may want to build yet another custom version instead of switching back):
https://bugzilla.redhat.com/show_bug.cgi?id=cve-2010-3856
/Peter
On Monday 25 October 2010, Peter Kjellstrom wrote:
> On Monday 25 October 2010, Sherin George wrote:
>> Hello Guys,
>> Recently, I have installed some custom packages of glibc on servers I manage due to vulnerabilities. At that time, official CentOS packages were not available. Now, I want to roll back to the CentOS versions.
> Do note that this new (and probably your custom built) glibc is vulnerable to a new trivial local root
For completeness,
Turns out that getting root with 3856 on CentOS-5 at least isn't copy-n-paste-trivial. The suggested exploit using libpcprofile.so fails since that file comes from glibc-utils which (afaict) typically isn't installed.
That said, it seems very likely that there are other ways to exploit 3856 on CentOS-5 so do not in any way interpret this as "let's skip the update".
/Peter
> (so you may want to build yet another custom version instead of switching back):