Medium: libtirpc

2014-09-15T23:09:00
ID ALAS-2013-199
Type amazon
Reporter Amazon
Modified 2014-09-15T23:09:00

Description

Issue Overview:

A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash. (CVE-2013-1950 __)

Affected Packages:

libtirpc

Issue Correction:
Run yum update libtirpc to update your system.

New Packages:

i686:  
    libtirpc-devel-0.2.1-6.8.amzn1.i686  
    libtirpc-0.2.1-6.8.amzn1.i686  
    libtirpc-debuginfo-0.2.1-6.8.amzn1.i686

src:  
    libtirpc-0.2.1-6.8.amzn1.src

x86_64:  
    libtirpc-debuginfo-0.2.1-6.8.amzn1.x86_64  
    libtirpc-devel-0.2.1-6.8.amzn1.x86_64  
    libtirpc-0.2.1-6.8.amzn1.x86_64