Issued:: 2011-12-06
Updated:: 2011-12-06

RHEA-2011:1676 - tcp_wrappers enhancement update

Synopsis

tcp_wrappers enhancement update

Type/Severity

Product Enhancement Advisory (none)

Topic

Enhanced tcp_wrappers packages are now available for Red Hat Enterprise Linux 6.

Description

The tcp_wrappers packages provide small daemon programs which can monitor and filter incoming requests for systat, finger, FTP, telnet, rlogin, rsh, exec, tftp, talk and other network services. These packages also contain the libwrap library, which adds the same filtering capabilities to programs linked against it, such as to sshd among others.

This update adds the following enhancement:

Previously, the tcp_wrappers packages were compiled without the RELRO (read-only relocations) flag. Programs provided by this package and also programs built against the tcp_wrappers libraries were thus vulnerable to various attacks based on overwriting the ELF section of a program. To increase the security of tcp_wrappers programs and libraries, the tcp_wrappers spec file has been modified to use the "-Wl,-z,relro" flags when compiling the packages. As a result, the tcp_wrappers packages are now provided with partial RELRO protection. (BZ#727287)

Users of tcp_wrappers are advised to upgrade to these updated packages, which add this enhancement.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Product	Version	Arch
Red Hat Enterprise Linux for Scientific Computing	6	x86_64
Red Hat Enterprise Linux for Power, big endian	6	ppc64
Red Hat Enterprise Linux for IBM z Systems	6	s390x
Red Hat Enterprise Linux Workstation	6	x86_64
Red Hat Enterprise Linux Workstation	6	i386
Red Hat Enterprise Linux Server	6	x86_64
Red Hat Enterprise Linux Server	6	i386
Red Hat Enterprise Linux Server from RHUI	6	x86_64
Red Hat Enterprise Linux Server from RHUI	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)	6	s390x
Red Hat Enterprise Linux Desktop	6	x86_64
Red Hat Enterprise Linux Desktop	6	i386

Updated Packages

tcp_wrappers-libs-7.6-57.el6.ppc.rpm
tcp_wrappers-devel-7.6-57.el6.x86_64.rpm
tcp_wrappers-debuginfo-7.6-57.el6.s390x.rpm
tcp_wrappers-debuginfo-7.6-57.el6.i686.rpm
tcp_wrappers-libs-7.6-57.el6.ppc64.rpm
tcp_wrappers-debuginfo-7.6-57.el6.s390.rpm
tcp_wrappers-devel-7.6-57.el6.ppc.rpm
tcp_wrappers-debuginfo-7.6-57.el6.ppc.rpm
tcp_wrappers-devel-7.6-57.el6.ppc64.rpm
tcp_wrappers-7.6-57.el6.src.rpm
tcp_wrappers-libs-7.6-57.el6.s390.rpm
tcp_wrappers-devel-7.6-57.el6.s390.rpm
tcp_wrappers-7.6-57.el6.ppc64.rpm
tcp_wrappers-devel-7.6-57.el6.i686.rpm
tcp_wrappers-libs-7.6-57.el6.x86_64.rpm
tcp_wrappers-devel-7.6-57.el6.s390x.rpm
tcp_wrappers-debuginfo-7.6-57.el6.x86_64.rpm
tcp_wrappers-7.6-57.el6.x86_64.rpm
tcp_wrappers-7.6-57.el6.i686.rpm
tcp_wrappers-libs-7.6-57.el6.i686.rpm
tcp_wrappers-debuginfo-7.6-57.el6.ppc64.rpm
tcp_wrappers-7.6-57.el6.s390x.rpm
tcp_wrappers-libs-7.6-57.el6.s390x.rpm

Fixes

This content is not included.BZ - 727287

CVEs

(none)

References

(none)

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.