These packages provide a transport-independent RPC (remote procedure call)
implementation.
A flaw was found in the way libtirpc decoded RPC requests. A
specially-crafted RPC request could cause libtirpc to attempt to free a
buffer provided by an application using the library, even when the buffer
was not dynamically allocated. This could cause an application using
libtirpc, such as rpcbind, to crash. (CVE-2013-1950)
Red Hat would like to thank Michael Armstrong for reporting this issue.
Users of libtirpc should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libtirpc must be restarted for the update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | s390 | libtirpc | < 0.2.1-6.el6_4 | libtirpc-0.2.1-6.el6_4.s390.rpm |
RedHat | 6 | s390 | libtirpc-debuginfo | < 0.2.1-6.el6_4 | libtirpc-debuginfo-0.2.1-6.el6_4.s390.rpm |
RedHat | 6 | x86_64 | libtirpc-devel | < 0.2.1-6.el6_4 | libtirpc-devel-0.2.1-6.el6_4.x86_64.rpm |
RedHat | 6 | x86_64 | libtirpc | < 0.2.1-6.el6_4 | libtirpc-0.2.1-6.el6_4.x86_64.rpm |
RedHat | 6 | ppc64 | libtirpc-debuginfo | < 0.2.1-6.el6_4 | libtirpc-debuginfo-0.2.1-6.el6_4.ppc64.rpm |
RedHat | 6 | ppc | libtirpc-devel | < 0.2.1-6.el6_4 | libtirpc-devel-0.2.1-6.el6_4.ppc.rpm |
RedHat | 6 | s390x | libtirpc-debuginfo | < 0.2.1-6.el6_4 | libtirpc-debuginfo-0.2.1-6.el6_4.s390x.rpm |
RedHat | 6 | s390x | libtirpc | < 0.2.1-6.el6_4 | libtirpc-0.2.1-6.el6_4.s390x.rpm |
RedHat | 6 | ppc | libtirpc-debuginfo | < 0.2.1-6.el6_4 | libtirpc-debuginfo-0.2.1-6.el6_4.ppc.rpm |
RedHat | 6 | ppc64 | libtirpc-devel | < 0.2.1-6.el6_4 | libtirpc-devel-0.2.1-6.el6_4.ppc64.rpm |