There is a new Linux local root exploit through glibc, CVE-2010-3847, a flaw in how the dynamic loader (ld.so) expands $ORIGIN in LD_AUDIT when running setuid programs. It can be used to gain root by a "local user", and in the web hosting industry a local user is anyone who can run code on the box: an exploitable script, a customer, a PHP or CGI shell, and so on. Affected are RHEL and CentOS 5.
Red Hat has not released a glibc update yet.
I have released a new admin script and a testing repo on the InterServer yum repo. The admin script is /admin/updatefromtesting, and the testing repo carries glibc updates for CentOS 5.
You can apply it by running the admin script, /admin/updatefromtesting.
If you do not have the admin scripts, fetch them first with
rsync -a rsync://mirror.trouble-free.net/admin /admin
Before use, you will also need the repo file in place; run either
ln -s /admin/testing.repo /etc/yum.repos.d/testing.repo
or
cp /admin/testing.repo /etc/yum.repos.d/testing.repo
The repo is not enabled by default, so a plain yum update will not pull from it. What the script really does is call yum as yum --enablerepo=tf-testing update
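The steps above, wrapped with the checks a careful admin would want, as an added example; this is not the InterServer admin script and it assumes (beyond what the post states) that the repo file sets enabled=0 under the tf-testing id and that glibc's installed version is read with rpm -q glibc. It refuses to run if the repo file would make tf-testing a permanent update source, records the glibc version before and after, and fails loudly if nothing changed.

```shell
#!/bin/sh
# Added example, not /admin/updatefromtesting: apply the testing-repo glibc
# update with sanity checks around it. Assumptions not taken from the post:
# the repo file carries enabled=0, the repo id is tf-testing, and the
# installed version is read with `rpm -q glibc`.

ADMIN_DIR=/admin
REPO_SRC=/admin/testing.repo
REPO_DST=/etc/yum.repos.d/testing.repo
REPO_ID=tf-testing

# Return 0 if the repo file leaves the repo disabled by default (enabled=0),
# so an ordinary `yum update` will never pull from it; 1 otherwise. A missing
# enabled= line counts as enabled, which is yum's own default.
repo_disabled_by_default() {
    repo_file=$1
    val=$(sed -n 's/^[[:space:]]*enabled[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$repo_file" | tail -n 1)
    [ "$val" = "0" ]
}

# Return 0 if two `rpm -q` outputs differ, i.e. the update really replaced
# the package; 1 if they are identical.
package_changed() {
    [ "$1" != "$2" ]
}

# One line per arch on multilib boxes; sort so the string is stable.
installed_glibc() {
    rpm -q glibc | sort | tr '\n' ' '
}

apply_update() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }

    # Fetch the admin scripts once if they are not present.
    [ -d "$ADMIN_DIR" ] || rsync -a rsync://mirror.trouble-free.net/admin "$ADMIN_DIR"

    # Install the repo file if it is not already there (a copy rather than a
    # symlink, so yum keeps working if /admin is removed later).
    [ -e "$REPO_DST" ] || cp "$REPO_SRC" "$REPO_DST"

    # Refuse to continue if the repo would stay on for every future update.
    repo_disabled_by_default "$REPO_DST" || {
        echo "$REPO_DST enables $REPO_ID by default; fix it before continuing" >&2
        return 1
    }

    before=$(installed_glibc)
    # Same call the admin script makes, with the repo enabled for this run only.
    yum -y --enablerepo="$REPO_ID" update || return 1
    after=$(installed_glibc)

    if package_changed "$before" "$after"; then
        echo "glibc updated: $before-> $after"
    else
        echo "glibc unchanged ($before); nothing from $REPO_ID was installed" >&2
        return 1
    fi
}

# Only touch the system when explicitly asked, so the helpers can be sourced
# and exercised on their own.
if [ "${RUN_UPDATE:-0}" = "1" ]; then
    apply_update
fi
```

Run it as RUN_UPDATE=1 sh update-glibc.sh on a box that already has /etc/yum.repos.d/testing.repo; the version check is what tells you the testing package actually landed rather than yum quietly finding nothing to do.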
Future updates will not use this repo. In fact, I do not plan on keeping the testing repo at all; we will see.
I expect the glibc update from Red Hat, once it ships, to install over the testing-repo packages. However, this is glibc, so use it at your own risk. If you are an InterServer customer, contact support for help with this update.
I have tested the update on multiple servers and have builds for i386 and x86_64.
The repo, including the SRPM, is at http://mirror.trouble-free.net/tf/testing/5.5/