ALAS-2013-199


Amazon Linux AMI Security Advisory: ALAS-2013-199
Advisory Release Date: 2014-09-15 23:09 Pacific
Severity: Medium

Issue Overview:

A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash. (CVE-2013-1950 )


Affected Packages:

libtirpc


Issue Correction:
Run yum update libtirpc to update your system.

New Packages:
i686:
    libtirpc-devel-0.2.1-6.8.amzn1.i686
    libtirpc-0.2.1-6.8.amzn1.i686
    libtirpc-debuginfo-0.2.1-6.8.amzn1.i686

src:
    libtirpc-0.2.1-6.8.amzn1.src

x86_64:
    libtirpc-debuginfo-0.2.1-6.8.amzn1.x86_64
    libtirpc-devel-0.2.1-6.8.amzn1.x86_64
    libtirpc-0.2.1-6.8.amzn1.x86_64