RHBA-2013:0073 - Bug Fix Advisory

Topic

Updated man-pages-overrides packages that fix several bugs are now available for
Red Hat Enterprise Linux 5.

Description

The man-pages-overrides package contains a collection of manual pages to
complement other packages or update those contained therein.

This update fixes the following bugs:

• Previously, the size of the buffer "entry" for the readdir_r() function was

undocumented in the readdir(3) manual page. Consequently, a buffer overflow in
user programs could occur. With this update, the readdir(3) manual page has been
backported from Red Hat Enterprise Linux 6. As a result, the documentation of
the readdir() and readdir_r() functions is now more accurate. (BZ#621953)

• Previously, the proper usage of the IPv6 addresses was not described in the

ssh(1), scp(1), sftp(1) and sshd(8) manual pages. This update adapts these
manual pages to reduce the possible ambiguity in the IPv6 address notation.
(BZ#695783)

• Prior to this update, the vpdupdate(8) manual page did not contain any

description of the "-a", "-s" and "-v" options. The manual page has been updated
and the aforementioned options are now documented properly. (BZ#782006)

• The nscd.conf(5) manual page was missing some descriptions and contained

several duplicate entries. With this update, the text has been clarified and
redundant entries have been removed. (BZ#783739)

• Previously, the nsswitch.conf(5) manual page lacked information on the search

mechanism, particularly about the "notfound" status. This update adds this
information to the manual page. (BZ#786684)

• Prior to this update, the behavior of the connect() call with the local

address set to INADDR_ANY was insufficiently described in the ip(7) manual page.
Possible duplication of the local port after the call was not acknowledged. With
this update, the documentation has been reworked in order to reflect the
behavior of the connect() call correctly. (BZ#787567)

• Due to a vague description of the getdents() call in the getdents(2) manual

page, the risk of using this call directly was not clear enough. The description
has been extended with a warning to prevent incorrect usage of the getdents()
call. (BZ#809490)

• Previously, the "-q" option of the scp program was insufficiently described in

the scp(1) manual page. Part of its functionality was not mentioned, which could
lead to unwanted results. The description has been extended and now provides a
full characteristic of the "-q" option. (BZ#838395)

All users of man-pages-overrides are advised to upgrade to these updated
packages, which fix these bugs.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 621953 - function readdir_r appears to return data beyond the buffer (overflow)
• BZ - 695783 - Clarify IPv6 usage in ssh, scp, sftp man pages
• BZ - 840847 - man-pages-overrides 5.9 remove bug tracker

CVEs

(none)

References

(none)