Oval Definition:oval:com.redhat.rhsa:def:20130884
Revision Date:2013-05-30Version:636
Title:RHSA-2013:0884: libtirpc security update (Moderate)
Description:These packages provide a transport-independent RPC (remote procedure call) implementation.

  • A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash. (CVE-2013-1950)

    Red Hat would like to thank Michael Armstrong for reporting this issue.

    Users of libtirpc should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libtirpc must be restarted for the update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-1950
    CVE-2013-1950
    RHSA-2013:0884
    RHSA-2013:0884-01
    RHSA-2013:0884-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libtirpc is earlier than 0:0.2.1-6.el6_4
  • AND libtirpc is signed with Red Hat redhatrelease2 key
  • libtirpc-devel is earlier than 0:0.2.1-6.el6_4
  • AND libtirpc-devel is signed with Red Hat redhatrelease2 key
    • BACK