ALAS-2013-199

Amazon Linux 1 Security Advisory: ALAS-2013-199
Advisory Release Date: 2013-06-11 22:45 Pacific
Advisory Updated Date: 2014-09-15 23:09 Pacific

Severity: Medium

References: CVE-2013-1950 RHSA-2013-0884
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash. (CVE-2013-1950)

Affected Packages:

libtirpc

Issue Correction:
Run yum update libtirpc to update your system.

New Packages:

i686:
    libtirpc-devel-0.2.1-6.8.amzn1.i686
    libtirpc-0.2.1-6.8.amzn1.i686
    libtirpc-debuginfo-0.2.1-6.8.amzn1.i686

src:
    libtirpc-0.2.1-6.8.amzn1.src

x86_64:
    libtirpc-debuginfo-0.2.1-6.8.amzn1.x86_64
    libtirpc-devel-0.2.1-6.8.amzn1.x86_64
    libtirpc-0.2.1-6.8.amzn1.x86_64

Additional References

Red Hat: CVE-2013-1950

Mitre: CVE-2013-1950