Solution
Please install the updated packages.
Insight
These packages provide a transport-independent RPC (remote procedure call) implementation.
A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash. (CVE-2013-1950)
Red Hat would like to thank Michael Armstrong for reporting this issue.
Users of libtirpc should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libtirpc must be restarted for the update to take effect.
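The restart requirement above can be checked after the update. The following is an added example, not part of the advisory or of Red Hat's tooling: it lists processes that still map the old, now-deleted library file. The function names are hypothetical, the sample maps lines are constructed, and it assumes a Linux /proc where the kernel marks mappings of an unlinked file with "(deleted)".

```shell
#!/bin/sh
# Added example: find processes that still map the pre-update libtirpc.
# rpm replaces the library file on update, so the old copy is unlinked and
# the kernel tags its mappings in /proc/<pid>/maps with " (deleted)".

# Constructed sample maps lines (addresses, inodes and paths are made up).
SAMPLE_STALE='7f3c1a200000-7f3c1a227000 r-xp 00000000 fd:00 131090 /lib64/libtirpc.so.1 (deleted)'
SAMPLE_FRESH='7f9b42000000-7f9b42027000 r-xp 00000000 fd:00 140211 /lib64/libtirpc.so.1
7f9b43000000-7f9b43001000 rw-s 00000000 fd:00 150007 /tmp/scratch.bin (deleted)'

# stale_tirpc_in_maps FILE: succeed if FILE (maps format) contains a libtirpc
# mapping whose backing file has been deleted. Both conditions must hold on
# the same line, so an unrelated deleted file does not count.
stale_tirpc_in_maps() {
    awk '$6 ~ /\/libtirpc\.so/ && $NF == "(deleted)" { found = 1 }
         END { exit !found }' "$1" 2>/dev/null
}

# list_stale_tirpc_procs [PROCROOT]: print "pid name" for every process under
# PROCROOT (default /proc) that needs a restart. Run as root to see all PIDs.
list_stale_tirpc_procs() {
    procroot=${1:-/proc}
    for maps in "$procroot"/[0-9]*/maps; do
        # Unreadable or vanished maps files are treated as "not stale".
        stale_tirpc_in_maps "$maps" || continue
        dir=${maps%/maps}
        name=$(awk '/^Name:/ { print $2; exit }' "$dir/status" 2>/dev/null) || name=
        printf '%s %s\n' "${dir##*/}" "${name:-?}"
    done
}

list_stale_tirpc_procs "${1:-/proc}"
```

An empty result means no running process still holds the old library; any process listed has to be restarted before the fix applies to it.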
Affected
libtirpc on CentOS 6
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-1950
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities