Subject: What is SA2003-008 vulnerability?
To: None <>
From: Jeremy C. Reed <>
List: tech-security
Date: 03/26/2003 10:37:13
The NetBSD Security Advisory 2003-008 says "... restart running instances
of programs that use the libc rpc library after upgrading." And "If you
have any statically-linked binaries that linked against a vulnerable libc
and uses rpc, you need to recompile them."

And the solution shows rebuilding libc.

What about libamu (of am-utils)? I believe it uses xdrmem_create(). But
maybe it is okay if it uses new libc.

What about librpcsvc? It uses other xdr code.

Anything else?

   Jeremy C. Reed

p.s. I already asked earlier, but didn't receive any response.