鉴于CVE-2015-0235,我今天开始升级我的 Ubuntu 服务器。我有一台 12.04.5 LTS 服务器,它拒绝将我的libc6软件包更新到不包含漏洞的版本(2.15-0ubuntu10.10,根据这)。当我运行apt-get update && apt-get upgrade和时apt-get dist-upgrade,libc6已升级到版本2.15-0ubuntu10.9,而不是2.15-0ubuntu10.10。更新软件包后,我重新启动了服务器。
然后我运行了安全公告查看服务器是否仍然易受攻击,因为输出是“易受攻击”。
我的/etc/apt/sources.list文件包括 Ubuntu 精确安全存储库:
deb http://security.ubuntu.com/ubuntu precise-security main restricted
deb-src http://security.ubuntu.com/ubuntu precise-security main restricted
deb http://security.ubuntu.com/ubuntu precise-security universe
deb-src http://security.ubuntu.com/ubuntu precise-security universe
deb http://security.ubuntu.com/ubuntu precise-security multiverse
deb-src http://security.ubuntu.com/ubuntu precise-security multiverse
为何我无法更新libc6到2.15-0ubuntu10.10?
编辑:我刚刚尝试安装由@geoffmcc以 root 身份运行dpkg -i libc6_2.15-0ubuntu10_amd64.deb,这是我收到的错误消息:
dpkg: warning: downgrading libc6 from 2.15-0ubuntu10.9 to 2.15-0ubuntu10.
(Reading database ... 102787 files and directories currently installed.)
Preparing to replace libc6 2.15-0ubuntu10.9 (using libc6_2.15-0ubuntu10_amd64.deb) ...
Unpacking replacement libc6 ...
dpkg: dependency problems prevent configuration of libc6:
libc6 depends on libc-bin (= 2.15-0ubuntu10); however:
Version of libc-bin on system is 2.15-0ubuntu10.9.
dpkg: error processing libc6 (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
libc6
编辑2:我不知道为什么,但apt-get update && apt-get upgrade今天早上再次运行后,出现了我需要的更新。我现在可以运行 C 漏洞检查器,并输出“不易受攻击”。我最终运行apt-get install -fapt-get 来替换.deb我手动安装的 s,并安装了正确的版本。