How to test and patch Ubuntu for the newest exploit CVE-2015-7547 & CVE-2015-5229

The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat.

Who’s vulnerable?
Quite a lot of systems are potentially vulnerable to this exploit:

  • Red Hat Enterprise Linux 6 & CentOS 6: RHSA-2016:0175-1
  • Red Hat Enterprise Linux 7 & CentOS 7: RHSA-2016:0176-1
  • Debian Squeeze, Wheezy, Jessie & Stretch: CVE-2015-7547
  • Ubuntu 12.04 & 14.04: CVE-2015-7547

As of the date of disclosure, this vulnerability affects millions of Linux PCs and servers, and 66% of all Android devices.

The bug is caused by a reference leak in the Linux keyrings. The keyrings facility is used by drivers to retain or cache security data and other data in the kernel.

If an attacker controls the server that a victim accesses, it’s possible to crash the victim’s computer or even run malicious code.

In this tutorial, we will learn how to test and patch Ubuntu.

Note

Even if your operating system has been recently updated, you may still be vulnerable depending on your kernel version, so I recommend you run this test on all your servers and desktop PCs.

Step 1

Connect to your server via SSH

ssh [email protected]

Step 2

Now we will check to make sure we don’t have a vulnerable version of the glibc package

ldd --version

The result looks like this

ldd (Ubuntu GLIBC 2.21-0ubuntu4.1) 2.21
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

Here are the patched versions for each Ubuntu Distro

  • Ubuntu 15.10: libc6 2.21-0ubuntu4.1
  • Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7
  • Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13

If your GLIBC version doesn’t match the patched version, we will upgrade our GLIBC with the following command.

To upgrade the affected package run:

sudo apt-get update && sudo apt-get install libc6

To update all your packages and distribution run

sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot

That’s it. We should now have a new patched kernel and a new version of glibc that doesn’t contain the bug.
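
The Step 2 comparison can be scripted so it gives the same answer on every server. The script below is an added example, not part of the original tutorial: it pulls the package version out of the `ldd --version` banner and compares it with the patched versions listed above, because the upstream number alone (2.21, 2.19, 2.15) does not show whether the fix is installed. The function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): classify a libc6 package
# version against the patched versions listed above. Function names are
# hypothetical; sample inputs at the bottom are constructed.

# Patched libc6 version per Ubuntu release, copied from the tutorial's list.
patched_version() {
    case "$1" in
        15.10) echo "2.21-0ubuntu4.1" ;;
        14.04) echo "2.19-0ubuntu6.7" ;;
        12.04) echo "2.15-0ubuntu10.13" ;;
        *) return 1 ;;  # release not in the tutorial's list
    esac
}

# Extract the package version from the first line of `ldd --version` (stdin).
glibc_pkg_from_ldd() {
    sed -n '1s/.*GLIBC \([^)]*\)).*/\1/p'
}

# version_ge A B: true when package version A >= B. Uses dpkg's comparison
# when available; otherwise approximates it with GNU `sort -V`.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# libc6_status RELEASE VERSION: prints patched, vulnerable or unknown.
libc6_status() {
    want=$(patched_version "$1") || { echo "unknown"; return 0; }
    if version_ge "$2" "$want"; then echo "patched"; else echo "vulnerable"; fi
}

# Constructed samples: release and installed libc6 version.
for sample in "14.04 2.19-0ubuntu6.6" "12.04 2.15-0ubuntu10.9" "15.10 2.21-0ubuntu4.1"; do
    set -- $sample
    echo "Ubuntu $1 libc6 $2: $(libc6_status "$1" "$2")"
done

# On a real host: libc6_status "$(lsb_release -rs)" "$(ldd --version | glibc_pkg_from_ldd)"
```

The 12.04 sample shows why a plain string comparison is not enough: revision 10.9 is older than 10.13 even though it sorts later as text.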

If you would like more info on the vulnerability, see CVE-2015-7547 & CVE-2015-5229.

Ubuntu Server Admin
