Ubuntu 12.04.5 LTS won't update libc6 to 2.15-0ubuntu10.10
If your on a 64 bit system check out This Launchpad and you will find the .deb you need there. If x86 im sure we can find that too if needed.
Edit: also a package search shows Trusty has 2.19-0Ubuntu6.4 and Utopic has 2.19-10Ubuntu2.1
Edit2: This Launchpad has the needed libc-bin
Related videos on Youtube
Nathan Jones
Updated on September 18, 2022Comments
-
Nathan Jones over 1 year
In light of CVE-2015-0235, I set out to upgrade my Ubuntu Servers today. I have a 12.04.5 LTS server that refuses to update my
libc6
package to the version that does not contain the vulnerability (2.15-0ubuntu10.10
, according to this). When I runapt-get update && apt-get upgrade
andapt-get dist-upgrade
,libc6
was upgraded to version2.15-0ubuntu10.9
, not to2.15-0ubuntu10.10
. After updating packages I rebooted the server.Then I ran the C program found in the Security Advisory to see if the server was still vulnerable, which it is as the output is "vulnerable".
My
/etc/apt/sources.list
files includes the Ubuntu precise-security repositories:deb http://security.ubuntu.com/ubuntu precise-security main restricted deb-src http://security.ubuntu.com/ubuntu precise-security main restricted deb http://security.ubuntu.com/ubuntu precise-security universe deb-src http://security.ubuntu.com/ubuntu precise-security universe deb http://security.ubuntu.com/ubuntu precise-security multiverse deb-src http://security.ubuntu.com/ubuntu precise-security multiverse
Why can't I update
libc6
to2.15-0ubuntu10.10
?EDIT: I just tried installing the .deb linked by @geoffmcc by running
dpkg -i libc6_2.15-0ubuntu10_amd64.deb
as root, and here's the error message I get:dpkg: warning: downgrading libc6 from 2.15-0ubuntu10.9 to 2.15-0ubuntu10. (Reading database ... 102787 files and directories currently installed.) Preparing to replace libc6 2.15-0ubuntu10.9 (using libc6_2.15-0ubuntu10_amd64.deb) ... Unpacking replacement libc6 ... dpkg: dependency problems prevent configuration of libc6: libc6 depends on libc-bin (= 2.15-0ubuntu10); however: Version of libc-bin on system is 2.15-0ubuntu10.9. dpkg: error processing libc6 (--install): dependency problems - leaving unconfigured Errors were encountered while processing: libc6
EDIT 2: I have no idea why, but running
apt-get update && apt-get upgrade
again this morning presented the updates I needed. I can now run the C vulnerability checker and get "not vulnerable" to output. I ended up runningapt-get install -f
to for apt-get to replace the.deb
s that I installed manually, and the correct versions were installed.-
g_p about 9 yearsCan you post the output of
apt-cache policy libc6
.
-
-
Nathan Jones about 9 yearsPlease see my updated answer.
-
geoffmcc about 9 years@Nathan see edit 2. But also as I pointed out in another edit, newer distributions have what you need if a backup/update is possible, might be less of a headache. I suspect you still may get some errors. If do, let me know and I will try and find what you need. Having said that, not sure why error calling it a downgrade. Clearly an upgrade.
-
Nathan Jones about 9 yearsThanks for your help, geoffmcc. We will be creating a replacement 14.04 LTS server for the code that's running on this server soon, and we might just abandon this server without patching this vulnerability.
-
geoffmcc about 9 yearsYeah. The second one might just get you there, but it may also gripe about other things being an older version than expected. Only one way to find out. But yeah, from what I can tell 14.04 should get you 2.19, so I would assume that's not vulnerable since it sounds fix was in 2.15
-
geoffmcc about 9 yearsUpgrade unless someone more knowledgeable chimes in. I think it near EOL anyways..... Strike that, looks like it supported till 2017, but don't seem to be getting the updates it needs
-
geoffmcc about 9 yearsI have 14.04 server on cloud. If you want to link your code to check if vulnerable, I can check out for you
-
Nathan Jones about 9 yearsI have some 14.04 servers that have successfully been patched, and the C vulnerability checker prints "not vulnerable", so I'm pretty confident the code works.
-
Nathan Jones about 9 yearsDo you think I would have to uninstall the old version of libc/libc-dev? I wouldn't think so because dpkg said it was replacing those old versions.
-
geoffmcc about 9 yearsYou shouldn't need to. dpkg would have taken care of that. But I found it odd that if you look again dpkg was actually calling it a downgrade for some reason.