Hi all, Looks like there is something wrong with the new glibc packages pushed to address this.
With the following packages installed: glibc-2.12-1.149.el6_6.5 glibc-common-2.12-1.149.el6_6.5 Many segfaults like: sed[749]: segfault at 0 ip 00000030004c4800 sp 00007fff71c57038 error 6 in libc-2.12.so[3000400000+18a000] sed[763]: segfault at 0 ip 00000030004c4800 sp 00007fff78303768 error 6 in libc-2.12.so[3000400000+18a000] sed[785]: segfault at 0 ip 00000030004c4800 sp 00007fff1b4d04c8 error 6 in libc-2.12.so[3000400000+18a000] sed[792]: segfault at 0 ip 00000030004c4800 sp 00007fffae46a6d8 error 6 in libc-2.12.so[3000400000+18a000] grep[925]: segfault at 2a0 ip 00000030004c2003 sp 00007fffbb544dd0 error 6 in libc-2.12.so[3000400000+18a000] grep[937]: segfault at 2a0 ip 00000030004c2003 sp 00007fff830c0130 error 6 in libc-2.12.so[3000400000+18a000] sed[1028]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] sed[1050]: segfault at 0 ip 00000030004c4800 sp 00007fffbf52de08 error 6 in libc-2.12.so[3000400000+18a000] sed[1055]: segfault at 0 ip 00000030004c4800 sp 00007fff15bde3f8 error 6 in libc-2.12.so[3000400000+18a000] sed[1074]: segfault at 0 ip 00000030004c4800 sp 00007fff7bc97858 error 6 in libc-2.12.so[3000400000+18a000] sed[1079]: segfault at 0 ip 00000030004c4800 sp 00007fff01b59ab8 error 6 in libc-2.12.so[3000400000+18a000] grep[1180]: segfault at 2e0 ip 00000030004c2003 sp 00007fff58432e70 error 6 in libc-2.12.so[3000400000+18a000] egrep[1427]: segfault at 320 ip 00000030004c2003 sp 00007fffda712ba0 error 6 in libc-2.12.so[3000400000+18a000] smartd[1478]: segfault at 160 ip 00007f3978f56003 sp 00007fff0b2501b0 error 6 in libc-2.12.so[7f3978e94000+18a000] xl[1489]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] xl[1491]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] xl[1495]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] xl[1497]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] xl[1501]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] xl[1503]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] xl[1618]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] xl[1619]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] sed[1652]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] sed[1661]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] sed[1671]: segfault at 0 ip 00000030004c4800 sp 00007fffb757a6b8 error 6 in libc-2.12.so[3000400000+18a000] sed[1678]: segfault at 0 ip 00000030004c4800 sp 00007ffff1e3db48 error 6 in libc-2.12.so[3000400000+18a000] sed[1688]: segfault at 0 ip 00000030004c4800 sp 00007fff550a3b68 error 6 in libc-2.12.so[3000400000+18a000] sed[1708]: segfault at 0 ip 00000030004c4800 sp 00007fffe1127118 error 6 in libc-2.12.so[3000400000+18a000] sed[1744]: segfault at 0 ip 00000030004c2091 sp (null) error 6 in libc-2.12.so[3000400000+18a000] sed[1768]: segfault at 0 ip 00000030004c4800 sp 00007fffee010d28 error 6 in libc-2.12.so[3000400000+18a000] sed[1775]: segfault at 0 ip 00000030004c4800 sp 00007fff13814028 error 6 in libc-2.12.so[3000400000+18a000] Downgrading to 2.12-1.149.el6_6.4 gives me a working system again. On 28/01/2015 11:44 AM, Steven Haigh wrote: > As an FYI: > > A heap-based buffer overflow was found in __nss_hostname_digits_dots(), > which is used by the gethostbyname() and gethostbyname2() glibc function > call. A remote attacker could use this flaw to execute arbitary code > with the permissions of the user running the application. > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 > > https://rhn.redhat.com/errata/RHSA-2015-0092.html > -- Steven Haigh Email: net...@crc.id.au Web: http://www.crc.id.au Phone: (03) 9001 6090 - 0412 935 897
signature.asc
Description: OpenPGP digital signature