tech-security: What is SA2003-008 vulnerability?

Subject: What is SA2003-008 vulnerability?
To: None <tech-security@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 03/26/2003 10:37:13

The NetBSD Security Advisory 2003-008 says "... restart running instances
of programs that use the libc rpc library after upgrading." And "If you
have any statically-linked binaries that linked against a vulnerable libc
and uses rpc, you need to recompile them."

And the solution shows rebuilding libc.

What about libamu (of am-utils)? I believe it uses xdrmem_create(). But
maybe it is okay if it uses new libc.

What about librpcsvc? It uses other xdr code.

Anything else?

   Jeremy C. Reed
   http://bsd.reedmedia.net/

p.s. I already asked earlier, but didn't receive any response.