Subject: What is SA2003-008 vulnerability?
To: None <email@example.com>
From: Jeremy C. Reed <firstname.lastname@example.org>
Date: 03/26/2003 10:37:13
The NetBSD Security Advisory 2003-008 says "... restart running instances
of programs that use the libc rpc library after upgrading." And "If you
have any statically-linked binaries that linked against a vulnerable libc
and uses rpc, you need to recompile them."
And the solution shows rebuilding libc.
What about libamu (of am-utils)? I believe it uses xdrmem_create(). But
maybe it is okay if it uses new libc.
What about librpcsvc? It uses other xdr code.
Jeremy C. Reed
p.s. I already asked earlier, but didn't receive any response.