RHSA-2022:8400: Red Hat Security Advisory: libtirpc security update
An update for libtirpc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-46828: libtirpc: DoS vulnerability with lots of connections
Issued:
2022-11-15
Updated:
2022-11-15
RHSA-2022:8400 - Security Advisory
Synopsis
Moderate: libtirpc security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libtirpc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libtirpc packages contain SunLib’s implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages.
Security Fix(es):
- libtirpc: DoS vulnerability with lots of connections (CVE-2021-46828)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2109352 - CVE-2021-46828 libtirpc: DoS vulnerability with lots of connections
- BZ - 2118157 - CVE-2021-46828 libtirpc: Upgrade to the latest upstream release libtirpc-1.3.3 [rhel-9.1.0]
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
libtirpc-1.3.3-0.el9.src.rpm
x86_64
libtirpc-1.3.3-0.el9.i686.rpm
libtirpc-1.3.3-0.el9.x86_64.rpm
libtirpc-debuginfo-1.3.3-0.el9.i686.rpm
libtirpc-debuginfo-1.3.3-0.el9.x86_64.rpm
libtirpc-debugsource-1.3.3-0.el9.i686.rpm
libtirpc-debugsource-1.3.3-0.el9.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
libtirpc-1.3.3-0.el9.src.rpm
s390x
libtirpc-1.3.3-0.el9.s390x.rpm
libtirpc-debuginfo-1.3.3-0.el9.s390x.rpm
libtirpc-debugsource-1.3.3-0.el9.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
libtirpc-1.3.3-0.el9.src.rpm
ppc64le
libtirpc-1.3.3-0.el9.ppc64le.rpm
libtirpc-debuginfo-1.3.3-0.el9.ppc64le.rpm
libtirpc-debugsource-1.3.3-0.el9.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
libtirpc-1.3.3-0.el9.src.rpm
aarch64
libtirpc-1.3.3-0.el9.aarch64.rpm
libtirpc-debuginfo-1.3.3-0.el9.aarch64.rpm
libtirpc-debugsource-1.3.3-0.el9.aarch64.rpm
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
libtirpc-debuginfo-1.3.3-0.el9.i686.rpm
libtirpc-debuginfo-1.3.3-0.el9.x86_64.rpm
libtirpc-debugsource-1.3.3-0.el9.i686.rpm
libtirpc-debugsource-1.3.3-0.el9.x86_64.rpm
libtirpc-devel-1.3.3-0.el9.i686.rpm
libtirpc-devel-1.3.3-0.el9.x86_64.rpm
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
libtirpc-debuginfo-1.3.3-0.el9.ppc64le.rpm
libtirpc-debugsource-1.3.3-0.el9.ppc64le.rpm
libtirpc-devel-1.3.3-0.el9.ppc64le.rpm
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
libtirpc-debuginfo-1.3.3-0.el9.aarch64.rpm
libtirpc-debugsource-1.3.3-0.el9.aarch64.rpm
libtirpc-devel-1.3.3-0.el9.aarch64.rpm
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
libtirpc-debuginfo-1.3.3-0.el9.s390x.rpm
libtirpc-debugsource-1.3.3-0.el9.s390x.rpm
libtirpc-devel-1.3.3-0.el9.s390x.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-8400-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Issues addressed include a denial of service vulnerability.
Gentoo Linux Security Advisory 202210-33 - A vulnerability has been discovered in Libtirpc which could result in denial of service. Versions less than 1.3.2 are affected.
Ubuntu Security Notice 5538-1 - It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.