000029783 - How to install the GHOST (CVE-2015-0235) Security Patch on RSA DLP 9.5.x and 9.6.x Network appliances

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029783
Applies ToRSA Data Loss Prevention
RSA DLP Network 9.5.x
RSA DLP Network 9.6.x
IssueGNU C "GHOST" vulnerability - CVE-2015-0235
How to install the fix for GNU C library “GHOST” vulnerability or RSA DLP 9.5 and 9.6 Network Appliances?
ResolutionRSA has provided a GHOST Security Patch for CentOS-based Data Loss Prevention appliances and virtual machines.  Follow the steps below to apply the patch.
Installation Steps:
1. Download the patch from RSA SecurCare Online, https://knowledge.rsasecurity.com/scolcms/set.aspx?id=10679:
DLP 9.5.x: Ghost_Security_patch_9_5_X.zip

DLP 9.6.x: Ghost_Security_patch_9_6_X.zip

2. Unzip the downloaded zip file.
3. Following are the RPM packages included in the zip file:
DLP 9.5.x/Cent OS 5:

glibc-2.5-123.el5_11.1.i686.rpm
glibc-common-2.5-123.el5_11.1.i386.rpm
nscd-2.5-123.el5_11.1.i386.rpm


DLP 9.6.x/Cent OS 6:

glibc-2.12-1.149.el6_6.5.x86_64.rpm
glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
nscd-2.12-1.149.el6_6.5.x86_64.rpm

4. Verify the CentOS version on the appliance where the patch will be applied by connecting to the appliance via SSH as the root user and issuing the uname -a command.
NOTE:  CentOS 5 appliances will display el5 in the version, whereas CentOS 6 will display el6.
5. If necessary, install the appropriate CentOS GPG certificate from the CentOS repository.

6. After confirming the CentOS version on the appliance, use WinSCP or your preferred FTP client to transfer the appropriate package to the /tmp directory on the appliance.
7. On the appliance, switch to the root user by issuing the su command and entering the password at the prompt.
8. Navigate to the /tmp directory by issuing the cd /tmp command.
9. Issue the appropriate command below to install Security Patch:
DLP 9.5.x / CentOS 5:

rpm -Uvh --nodeps nscd-2.5-123.el5_11.1.i386.rpm
rpm -Uvh --nodeps glibc-common-2.5-123.el5_11.1.i386.rpm
rpm -Uvh --nodeps glibc-2.5-123.el5_11.1.i686.rpm


DLP 9.6.x / CentOS 6:

rpm  -Uvh --nodeps nscd-2.12-1.149.el6_6.5.x86_64.rpm
rpm  -Uvh --nodeps glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
rpm  -Uvh --nodeps glibc-2.12-1.149.el6_6.5.x86_64.rpm

10. Verify that the new version has been installed by issuing the following command:
rpm -qa | grep glibc

11. Remove the RPM files from the /tmp directory.
12. Exit to return to the tablus user.
13. Type the command tabmenu to get into the tablus menu.
14. Choose Option 6 then Option 2 to reboot the appliance or virtual machine.
CAUTION:  If the appliance or virtual machine is an Interceptor or ICAP server then there will be a service interruption for end-users.
15. Apply for all other appliances and/or virtual machines running RSA DLP 9.5.x or 9.6.x.

Attachments

    Outcomes