zoukankan      html  css  js  c++  java

  • CVE-2018-1111 漏洞修复

    1. 操作系统版本

    Red Hat Enterprise Linux Server release 7.2 (Maipo)

    2. 下载软件包

    去官网找了好久,但是没找到如何下载,于是找到了一个国内的地址
地址:http://mirrors.163.com/centos/7/os/x86_64/Packages/ ,用CTRL+F搜索需要的包
网上搜博客,看见说只需要下载dhclient和dhcp-common这两个包,但是由于后面安装的时候会有各种依赖问题,所以我还是把相关的所有包都下下来了,下图就是我准备的包

bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm
dhclient-4.2.5-82.el7.centos.x86_64.rpm
dhcp-4.2.5-82.el7.centos.x86_64.rpm
dhcp-common-4.2.5-82.el7.centos.x86_64.rpm
dhcp-devel-4.2.5-82.el7.centos.x86_64.rpm
dhcp-libs-4.2.5-82.el7.centos.x86_64.rpm

    3. 开始修复漏洞(升级)

    # 查看升级前的包
[root@liangd-server0006 yihai-rpm]# rpm -qa|grep dhclient
dhclient-4.2.5-42.el7.x86_64
[root@liangd-server0006 yihai-rpm]# rpm -qa|grep dhcp-common
dhcp-common-4.2.5-42.el7.x86_64

# 卸载
[root@liangd-server0006 yihai-rpm]# rpm -e --nodeps dhclient-4.2.5-42.el7.x86_64 dhcp-common-4.2.5-42.el7.x86_64

# 安装
[root@liangd-server0006 yihai-rpm]# rpm -ivh dhcp-common-4.2.5-82.el7.centos.x86_64.rpm
警告:dhcp-common-4.2.5-82.el7.centos.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:dhcp-common-12:4.2.5-82.el7.cento################################# [100%]
[root@liangd-server0006 yihai-rpm]# rpm -Uvh bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm --nodeps
警告:bind-export-libs-9.11.4-26.P2.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:bind-export-libs-32:9.11.4-26.P2.################################# [100%]
[root@liangd-server0006 yihai-rpm]# rpm -ivh dhclient-4.2.5-82.el7.centos.x86_64.rpm
警告:dhclient-4.2.5-82.el7.centos.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:dhclient-12:4.2.5-82.el7.centos  ################################# [100%]

[root@liangd-server0006 yihai-rpm]# rpm -qa --changelog dhclient  | grep CVE-2018 # 出现Resolves就表示漏洞已经被修复,修复前执行这个命令是没有输出的
- Resolves: #1570895 - Fix command execution vulnerability (CVE-2018-1111)
- Resolves: #1549999 - CVE-2018-5733  Avoid buffer overflow reference counter
- Resolves #1549998 :CVE-2018-5732  Avoid buffer overflow in options parser

    4. 参考博客

    https://blog.csdn.net/liu2612348/article/details/80388943?utm_medium=distribute.pc_relevant_download.none-task-blog-2~default~BlogCommendFromBaidu~default-5.nonecase&depth_1-utm_source=distribute.pc_relevant_download.none-task-blog-2~default~BlogCommendFromBaidu~default-5.nonecas
  • 相关阅读:
    vue中实现后台管理路由标签页
    vue实现侧边导航栏
    node学习(-)
    javascript面试题(二)
    尾递归(简要)
    javascript面试题(一)
    Windows平台基于RTMP实现一对一互动直播
    如何实现RTMP推送Android Camera2数据
    Windows平台RTMP/RTSP直播推送模块设计和使用说明
    如何设计一款跨平台低延迟的RTMP/RTSP直播播放器
  • 原文地址:https://www.cnblogs.com/xiets/p/14765760.html
Copyright © 2011-2022 走看看