-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-9204 2008-10-30 11:39:02 --------------------------------------------------------------------------------
Name : libtirpc Product : Fedora 9 Version : 0.1.7 Release : 20.fc9 URL : http://nfsv4.bullopensource.org/ Summary : Transport Independent RPC Library Description : This package contains SunLib's implementation of transport-independent RPC (TI-RPC) documentation. This library forms a piece of the base of Open Network Computing (ONC), and is derived directly from the Solaris 2.3 source.
TI-RPC is an enhanced version of TS-RPC that requires the UNIX System V Transport Layer Interface (TLI) or an equivalent X/Open Transport Interface (XTI). TI-RPC is on-the-wire compatible with the TS-RPC, which is supported by almost 70 vendors on all major operating systems. TS-RPC source code (RPCSRC 4.0) remains available from several internet sites.
-------------------------------------------------------------------------------- Update Information:
CVE-2008-4619 -------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 27 2008 Steve Dickson steved@redhat.com 0.1.7-20 - Fix bad assumption taddr2uaddr processing that caused a segfault (bz468014) * Tue Sep 16 2008 Steve Dickson steved@redhat.com 0.1.7-19 - Added super-H(sh3,sh4) architecture support - Updated COPYING with new license agreement - Fix incorrect sizeof() in __rpc_getbroadifs - Fix for taddr2addr conversion bug of local addresses - Fixed some of warnings in: src/auth_time.c, src/clnt_dg.c and src/clnt_raw.c -------------------------------------------------------------------------------- References:
[ 1 ] Bug #468014 - CVE-2008-4619 libtirpc: rpcbind DoS in the taddr2uaddr XDR_DECODE https://bugzilla.redhat.com/show_bug.cgi?id=468014 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update libtirpc' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------