New Linux Vulnerability CVE-2015-7547
New Linux Vulnerability CVE-2015-7547
Just came across this article on 'The Register'
Looks as if it might affect Mint as well.
http://www.theregister.co.uk/2016/02/16 ... rnability/
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: New Linux Vulnerability
Just sent me scrambling back to check the article's date WAS 2016 and not 2015 - Phew!
Re: New Linux Vulnerability
https://sourceware.org/ml/libc-alpha/20 ... 00416.html
and is a legitimate cause for concern.
I'd expect a patch/update in a day or so.
Last edited by Habitual on Tue Feb 16, 2016 6:25 pm, edited 1 time in total.
Re: New Linux Vulnerability
the fix is "in"
apt-get update && apt-get upgrade
Re: New Linux Vulnerability CVE-2015-7547
Hello, Habitual.
Before someone else does, let me correct your recommendation to be:
Update Manager will offer the relevant libc6 update automatically, without evading the Linux Mint update safety levels. Make sure that the enabled safety levels in Update Manager are at minimum [1], [2] and [3] (default). Enabling the option to trust and install security updates always might be helpful, too.
Most important information:
The bugfixed libc6 library is available for download and installation: USN-2900-1: GNU C Library vulnerability
Cheers,
Karl
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.
Lifeline
Re: New Linux Vulnerability CVE-2015-7547
Level[123] are default on most (all?) Graphical update utilities, no?
I'm a huge fan of defaults.
but "Always Select and security updates" must be enabled prior to.
What about c-line?
apt-get upgrade is level[123] with Trust?
Re: Linux patch
Apparently it's not that big of a deal since the next release (very soon, days?) will address this issue:
https://sourceware.org/ml/libc-alpha/20 ... 00420.html
Last edited by karlchen on Wed Feb 17, 2016 10:16 am, edited 1 time in total.
Reason: As "Linux patch" thread is actually about "New Linux Vulnerability CVE-2015-7547", it has been merged into the existing thread about "New Linux Vulnerability CVE-2015-7547
Re: Linux patch
Risk to me? 0%. Risk to a multi-billion-dollar national corporation? Closer to 1%. Not worried.
Re: New Linux Vulnerability CVE-2015-7547
I'm on default settings and I got the patch. No need to work around the Updater. Just use the Force of the Gui, Luke.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: Linux patch
The update arrived here two hours ago.
Re: Linux patch
<moderator on>
As the thread "Linux patch" was just a reprise of the already existing thread "New Linux Vulnerability CVE-2015-7547", it has been merged into the existing thread about "New Linux Vulnerability CVE-2015-7547".
</moderator off>
USN-2900-1: GNU C Library vulnerability CVE-2015-7547 fixed?
I was wondering if the USN-2900-1: GNU C Library vulnerability (Bug CVE-2015-7547) has been fixed? I've only seen Ubuntu mention of it, so I hope it got passed down to Mint as well. I did see an "eglibc" update yesterday, I think, but I thought Debian switched back to glibc back in 2014. I do see several "eglibc" items in Synaptic.
http://www.ubuntu.com/usn/usn-2900-1/
https://threatpost.com/magnitude-of-gli ... ht/116296/
Is there anything users need to do for the fix?
Re: USN-2900-1: GNU C Library vulnerability CVE-2015-7547 fi
<moderator on>
post will be moved to the existing thread on "New Linux Vulnerability CVE-2015-7547". - This should answer the question by the way. - Done.
</moderator off>
Re: New Linux Vulnerability CVE-2015-7547
A funny little twist in this story, unrelated to LM, but relates to Slackware Linux,
The Slackware BDFL (Pat Volkerding) had a patch that fixed this issue many years ago that was used by openSUSE and Debian, the difference is that PV kept applying the patch even after receiving emails asking him to remove it. Slackware has thus not been affected by this vulnerability.
https://www.linuxquestions.org/question ... ost5501886
Re: New Linux Vulnerability CVE-2015-7547
I'm running LM17 Qiana and haven't knowingly seen a patch for this yet. Should I be concerned? Is there a way to check in my update history whether I've already installed the patch without realizing it?
Re: New Linux Vulnerability CVE-2015-7547
Hello, jiawen.
In order to verify whether your system has received the libc6 security update, launch Synaptic Package Manager from the Mint Menu. Then proceed like illustrated in the screenshot below:
- Tell Synaptic to list installed software packages only. (left hand side, click on button [Installed])
- (1) - As "Quick filter" enter "libc6" (without the double quotes).
- (2) - Should list libc6 - current version: 2.19-0ubuntu-6.7. Mark it.
- (3) - Click on the button [Get Changelog] at the bottom.
- (4) - Will open the changelog window.
- Provided the "CVE-2015-7547" is mentioned as fixed, then your system has received the security update.
(I only marked it once in the screenshot, but as can be spotted, it is mentioned as fixed here.)
Karl
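A command-line counterpart to the Synaptic changelog check above, as an added example that is not part of the original post: it parses a Debian-style changelog and reports which entry first mentions the CVE. The function names and the sample changelog are made up for illustration; the live check assumes the installed package ships its changelog at /usr/share/doc/<package>/changelog.Debian.gz.

```shell
# Added example: find the changelog entry of a Debian-style package that mentions a CVE.

# cve_fixed_in CVE-ID   (changelog text on stdin, newest entry first)
# Prints the version of the oldest entry mentioning the CVE; returns 1 if none does.
cve_fixed_in() {
    awk -v cve="$1" '
        # Entry header: "source (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(.*\) / {
            ver = $2; gsub(/[()]/, "", ver); next
        }
        # Require a non-digit after the id so CVE-2015-75470 is not a match.
        ver != "" && ($0 " ") ~ (cve "[^0-9]") { found = ver }
        END { if (found == "") exit 1; print found }
    '
}

# Live check. Assumes standard Debian packaging, where the installed package
# ships its own changelog under /usr/share/doc/<package>/.
check_installed() {   # usage: check_installed libc6 CVE-2015-7547
    fixed=$(zcat "/usr/share/doc/$1/changelog.Debian.gz" | cve_fixed_in "$2") || {
        echo "$1: $2 not mentioned in installed changelog"; return 1; }
    echo "$1 $(dpkg-query -W -f='${Version}' "$1"): $2 fixed since $fixed"
}

# Constructed sample changelog (package name and versions are made up).
sample_changelog() {
    cat <<'EOF'
example-libc (1.0-3) stable-security; urgency=medium

  * Unrelated packaging change.

 -- Example Maintainer <maint@example.invalid>  Mon, 03 Jan 2000 00:00:00 +0000

example-libc (1.0-2) stable-security; urgency=high

  * SECURITY UPDATE: constructed entry
    - CVE-2015-7547

 -- Example Maintainer <maint@example.invalid>  Sun, 02 Jan 2000 00:00:00 +0000

example-libc (1.0-1) stable; urgency=low

  * Constructed entry with a look-alike id: CVE-2015-75470

 -- Example Maintainer <maint@example.invalid>  Sat, 01 Jan 2000 00:00:00 +0000
EOF
}

sample_changelog | cve_fixed_in CVE-2015-7547
```

On a Mint system, `check_installed libc6 CVE-2015-7547` runs the same parser against the changelog of the installed package, so a hit means the installed version already contains the fix.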