Updated glibc packages are available to fix an integer overflow in the XDR decoder.

The glibc package contains standard libraries that are used by multiple programs on the system. Sun RPC is a remote procedure call framework that allows clients to invoke procedures in a server process over a network. XDR is a mechanism for encoding data structures for use with RPC. Glibc contains an XDR encoder/decoder derived from Sun's RPC implementation, which was demonstrated to be vulnerable to an integer overflow.

An integer overflow is present in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. Depending upon the application, this vulnerability could cause buffer overflows and may be exploitable leading to arbitrary code execution.

This is for i386 only, I saw no alpha updates :/ I've ifdef'ed it so we have the older version in the alpha side of things.

State Changed From-To: open->analyzed

done:
- ports/emulators/linux_base updated for i386 and alpha
- ports/emulators/linux_base-6 updated for i386 and forbidden for alpha

to do:
- prepare Alpha glibc packages for linux_base-6

State Changed From-To: analyzed->closed

emulators/linux_base was also updated for -alpha.
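
A simplified model of the class of bug the advisory text above describes, added here as an example and not taken from glibc or from the ports tree. It assumes the flaw is a subtract-then-test bounds check on a signed remaining-byte count and shows it beside a compare-first check; the struct, function names and sample values are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical in-memory decode stream; names are illustrative, not glibc's. */
struct memstream {
    const uint8_t *pos;  /* next unread byte */
    uint32_t remaining;  /* bytes left in the buffer */
};

/* Flawed pattern (assumed form of the bug): subtract the caller-supplied
 * length, then test the result as a signed value.
 * Returns 1 if the request would be accepted. */
int flawed_check(int32_t remaining, uint32_t len)
{
    /* Mixed signed/unsigned arithmetic is carried out modulo 2^32, so a
     * huge len wraps the difference back to a small positive number. */
    int32_t left = (int32_t)((uint32_t)remaining - len);
    return left >= 0;
}

/* Hardened pattern: compare in unsigned arithmetic before touching state. */
int stream_getbytes(struct memstream *s, uint8_t *dst, uint32_t len)
{
    if (len > s->remaining)
        return 0;               /* reject; stream is left unchanged */
    memcpy(dst, s->pos, len);
    s->pos += len;
    s->remaining -= len;
    return 1;
}

/* Constructed input: 16-byte buffer, length field from untrusted data. */
int demo_flawed_accepts_oversize(void)
{
    return flawed_check(16, 0xFFFFFFF8u);  /* 16 - 0xFFFFFFF8 wraps to 24 */
}

int demo_hardened_rejects_oversize(void)
{
    uint8_t buf[16] = {0}, out[16];
    struct memstream s = { buf, sizeof buf };
    int ok = stream_getbytes(&s, out, 0xFFFFFFF8u);
    return ok == 0 && s.remaining == 16;
}
```

The flawed check still rejects an ordinary over-read such as 32 bytes from a 16-byte buffer, which is why this kind of bug survives casual testing.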