RHBA-2013:1453 - Bug Fix Advisory

Topic

Updated rpcbind packages that fix one bug are now available for Red Hat
Enterprise Linux 6 Extended Update Support.

Description

The rpcbind utility maps RPC (Remote Procedure Call) services to the ports on
which the services listen and allows the host to make RPC calls to the RPC
server.

This update fixes the following bug:

• Previously, in the insecure mode, which enables non-root users to set or unset

ports, a privileged port was required. As only root users can obtain a
privileged port, non-root users could not set or unset ports. To fix this bug,
the privileged port has been removed, and thus non-root users are now allowed to
set or unset ports on the loopback interface. (BZ#858573)

All users of rpcbind are advised to upgrade to these updated packages, which fix
this bug.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.3 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.3 i386
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.3 s390x
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.3 ppc64
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3 i386
• Red Hat Enterprise Linux EUS Compute Node 6.3 x86_64

Fixes

• BZ - 858573 - rpcbind without -i restricts set/unset to root user on localhost, so pmap_set fails for non-root users unless -i is used

CVEs

(none)

References

(none)