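Alibaba Cloud vulnerability fix log (continuously updated)
The Alibaba Cloud server raised vulnerability alerts. How do I update?
The method is as follows: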
==================================================================================
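RHSA-2020:0630: ppp security update
Vulnerability description: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
Software:
ppp 2.4.5-33.el7
Matched rule:
ppp version less than 2.4.5-34.el7_7
Path:
/etc/logrotate.d
Fix command: yum update ppp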
==================================================================================
==================================================================================
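RHSA-2022:0274: polkit pkexec local privilege escalation vulnerability (CVE-2021-4034)
Impact
Vulnerability description: On January 25, 2022, Qualys security researchers disclosed the details of CVE-2021-4034, a local privilege escalation vulnerability in polkit pkexec. pkexec handles command-line arguments incorrectly, which leads to argument injection and allows local privilege escalation.
Software:
polkit 0.112-22.el7_7.1
Matched rule:
polkit version less than 0:0.112-26.el7_9.1
Path:
/etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
Fix command:
yum update polkit
Full fix log: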
[root@itlife365.com ~]# yum update ppp
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
epel | 4.3 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
Determining fastest mirrors
Resolving Dependencies
--> Running transaction check
---> Package ppp.x86_64 0:2.4.5-33.el7 will be updated
---> Package ppp.x86_64 0:2.4.5-34.el7_7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================
Updating:
ppp x86_64 2.4.5-34.el7_7 base 358 k
Transaction Summary
=========================================================================================================================
Upgrade 1 Package
Total download size: 358 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
ppp-2.4.5-34.el7_7.x86_64.rpm | 358 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : ppp-2.4.5-34.el7_7.x86_64 1/2
Cleanup : ppp-2.4.5-33.el7.x86_64 2/2
Verifying : ppp-2.4.5-34.el7_7.x86_64 1/2
Verifying : ppp-2.4.5-33.el7.x86_64 2/2
Updated:
ppp.x86_64 0:2.4.5-34.el7_7
Complete!
[root@itlife365.com ~]# yum update polkit
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package polkit.x86_64 0:0.112-12.el7_3 will be updated
---> Package polkit.x86_64 0:0.112-26.el7_9.1 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================
Updating:
polkit x86_64 0.112-26.el7_9.1 updates 170 k
Transaction Summary
====================================================================================================================================
Upgrade 1 Package
Total download size: 170 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
polkit-0.112-26.el7_9.1.x86_64.rpm | 170 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : polkit-0.112-26.el7_9.1.x86_64 1/2
Cleanup : polkit-0.112-12.el7_3.x86_64 2/2
Verifying : polkit-0.112-26.el7_9.1.x86_64 1/2
Verifying : polkit-0.112-12.el7_3.x86_64 2/2
Updated:
polkit.x86_64 0:0.112-26.el7_9.1
Complete!
[root@itlife365.com ~]#
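To confirm after the update that the scanner's "version less than" rules above no longer match, the installed epoch:version-release can be compared with the fixed one using RPM's ordering rather than plain string comparison. This is an added example, not part of the original post and not RPM's own code: a simplified re-implementation of RPM's version comparison (it handles `~` but not `^`), with the function names `rpmvercmp`, `split_evr` and `is_hit` chosen here for illustration.

```python
import re

def rpmvercmp(a, b):
    """Compare two version or release strings in RPM order; returns -1, 0 or 1."""
    if a == b:
        return 0
    while a or b:
        # Separators such as '.' and '_' carry no weight; '~' is kept because it sorts lowest.
        a = re.sub(r"^[^A-Za-z0-9~]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9~]+", "", b)
        if a.startswith("~") or b.startswith("~"):
            if not a.startswith("~"):
                return 1
            if not b.startswith("~"):
                return -1
            a, b = a[1:], b[1:]
            continue
        if not a or not b:
            break
        numeric = a[0].isdigit()
        pattern = r"^[0-9]+" if numeric else r"^[A-Za-z]+"
        seg_a = re.match(pattern, a).group()
        m = re.match(pattern, b)
        if m is None:  # segment types differ: a numeric segment is newer than an alphabetic one
            return 1 if numeric else -1
        seg_b = m.group()
        a, b = a[len(seg_a):], b[len(seg_b):]
        if numeric:
            # Numbers compare by value: drop leading zeros, then the longer one is larger.
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    # Whichever string still has segments left is the newer one.
    return 0 if not (a or b) else (1 if a else -1)

def split_evr(evr):
    """Split '[epoch:]version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def is_hit(installed, fixed):
    """True when the installed package is older than the fixed one (the rule still matches)."""
    ei, vi, ri = split_evr(installed)
    ef, vf, rf = split_evr(fixed)
    if ei != ef:
        return ei < ef
    return (rpmvercmp(vi, vf) or rpmvercmp(ri, rf)) < 0
```

With the versions on this page, `is_hit("2.4.5-33.el7", "2.4.5-34.el7_7")` is true before the update and `is_hit("2.4.5-34.el7_7", "2.4.5-34.el7_7")` is false afterwards; the same holds for polkit against `0:0.112-26.el7_9.1`.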
--END