问题
Problem is, that there seems to be no updates for glibc if I run
apt-get upgrade
How can I check if my system has this vulnerability, and how can I fix it?
回答1:
Add the following lines to /etc/apt/sources.list (see https://wiki.debian.org/LTS/Using):
deb http://http.debian.net/debian/ squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian/ squeeze-lts main contrib non-free
Run
> apt-get update
Check that package list has been updated:
> apt-cache show libc6 | grep Version
Version: 2.11.3-4
Version: 2.11.3-4+deb6u4 # 'deb6u4' is the fixed version
Update libc
> apt-get install libc6
Check update result:
> dpkg -l libc6
... 'deb6u4' must be displayed in the list.
It is recommended to restart the system after fix.
回答2:
Have a look at the Debian Security tracker page for this issue: it states that the Debian 6 glibc is affected, but that a fix is available in Debian 6 LTS.
To check your version of glibc:
dpkg -l libc6
The fixed version is 2.11.3-4+deb6u4, anything older than that is vulnerable.
You can find information on Debian LTS on the Debian wiki, including how to install updates from it.
来源:https://stackoverflow.com/questions/28217363/how-can-i-fix-ghost-glibc-bug-on-debian-6