Created
January 30, 2015 08:16
-
-
Save eduherraiz/b3180f2c405a91a2ef25 to your computer and use it in GitHub Desktop.
Procedure to update libc6 on debian 5 (lenny), patching, compiling and generating debs. Patch for GHOST CVE-2015-0235
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Update libc6 on Debian 5 lenny, compiling with a patch from the deb code | |
| # Note: This script is not tested, writed to preserve the procedure, be careful. | |
| # Get the package source | |
| apt-get update && apt-get source libc6; apt-get build-dep libc6 | |
| # Patch it | |
| wget https://gist.githubusercontent.com/eduherraiz/ea6884ca90622dede558/raw/87e14d4280f2d75f77f17e26d6cd8b4e0237f015/cve-2015-0235-lenny.diff --no-check-certificate -O glibc-2.7/debian/patches/all/cve-2015-0235-lenny.diff | |
| echo "all/cve-2015-0235-lenny.diff" >> glibc-2.7/debian/patches/series | |
| # Build de packages, note the final disk space you will need is near 2GB | |
| # and 90 minutes to compile and create the debs | |
| cd glibc-2.7 && debuild | |
| # You will see an error like: | |
| # debsign: gpg error occurred! Aborting.... | |
| # It's normal, the debuild try to sign the packages with the mantainer key | |
| # Install the packages | |
| cd .. | |
| dpkg -i libc6_2.7-18lenny7_amd64.deb | |
| dpkg -i libc6-dev_2.7-18lenny7_amd64.deb | |
| dpkg -i libc6-i386_2.7-18lenny7_amd64.deb | |
| dpkg -i libc6-dev-i386_2.7-18lenny7_amd64.deb | |
| # Check the vulnerability, and if not vulnerable reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment