Skip to navigation

Enhancement Advisory tcp_wrappers enhancement update

Advisory: RHEA-2011:1676-2
Type: Product Enhancement Advisory
Severity: N/A
Issued on: 2011-12-06
Last updated on: 2011-12-06
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Enhanced tcp_wrappers packages are now available for Red Hat Enterprise Linux 6.

The tcp_wrappers packages provide small daemon programs which can monitor and
filter incoming requests for systat, finger, FTP, telnet, rlogin, rsh, exec,
tftp, talk and other network services. These packages also contain the libwrap
library, which adds the same filtering capabilities to programs linked against
it, such as to sshd among others.

This update adds the following enhancement:

* Previously, the tcp_wrappers packages were compiled without the RELRO
(read-only relocations) flag. Programs provided by this package and also
programs built against the tcp_wrappers libraries were thus vulnerable to
various attacks based on overwriting the ELF section of a program. To increase
the security of tcp_wrappers programs and libraries, the tcp_wrappers spec file
has been modified to use the "-Wl,-z,relro" flags when compiling the packages.
As a result, the tcp_wrappers packages are now provided with partial RELRO
protection. (BZ#727287)

Users of tcp_wrappers are advised to upgrade to these updated packages, which
add this enhancement.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
tcp_wrappers-7.6-57.el6.src.rpm     MD5: e708c0b5c36831e479c7cfad993abc71
SHA-256: 3c4da2315a63f1bae8a9c57c202b6fe609af28f260a35b51cd904947aa585859
 
IA-32:
tcp_wrappers-7.6-57.el6.i686.rpm     MD5: 0c675339f4ac57f9f30ed5abe088ee5f
SHA-256: a9416896f6dcdcfd3a8b190ad6cd5c6246e0b8004205ff083fe3cf4b56800d5c
tcp_wrappers-debuginfo-7.6-57.el6.i686.rpm     MD5: b80af550c767eb39bd64d613949f5fcc
SHA-256: fcd1ae2b5371e231babaedd623dbc16dc7e76909293cb9679c9fba5d6dd905d7
tcp_wrappers-devel-7.6-57.el6.i686.rpm     MD5: e0472df2f8013e6e202e29754df961a9
SHA-256: db031f3ab64e4d4a077231104afab177bea0dd704a3de4994704672bfed1463d
tcp_wrappers-libs-7.6-57.el6.i686.rpm     MD5: dbed0409287d9abe710fa8303cfabd53
SHA-256: eef19018597cbc1c8d52f63584e52f219f0e478ac13ec4e8e149db735b9b83eb
 
x86_64:
tcp_wrappers-7.6-57.el6.x86_64.rpm     MD5: 0446af12595d29c512a6588011cc7ea4
SHA-256: a1ba29fb271a06ebd355c23996ef0124c146234a83bb8e4051c32aecc6ccb641
tcp_wrappers-debuginfo-7.6-57.el6.i686.rpm     MD5: b80af550c767eb39bd64d613949f5fcc
SHA-256: fcd1ae2b5371e231babaedd623dbc16dc7e76909293cb9679c9fba5d6dd905d7
tcp_wrappers-debuginfo-7.6-57.el6.x86_64.rpm     MD5: b569151c12d8ba7890ef986a9501c30f
SHA-256: d392a178fd1250807c12ff6fbe0d14244dd50abf8164c06b57cb7810af1b864a
tcp_wrappers-devel-7.6-57.el6.i686.rpm     MD5: e0472df2f8013e6e202e29754df961a9
SHA-256: db031f3ab64e4d4a077231104afab177bea0dd704a3de4994704672bfed1463d
tcp_wrappers-devel-7.6-57.el6.x86_64.rpm     MD5: f6a4b87f70e4d8952130794b04bf3830
SHA-256: 16dd8e1d1252acd0020874ad9f34d61e963dc2602315b16f57d570c46a1b8943
tcp_wrappers-libs-7.6-57.el6.i686.rpm     MD5: dbed0409287d9abe710fa8303cfabd53
SHA-256: eef19018597cbc1c8d52f63584e52f219f0e478ac13ec4e8e149db735b9b83eb
tcp_wrappers-libs-7.6-57.el6.x86_64.rpm     MD5: 418c63377fde9781bcb1fffb896ca427
SHA-256: 5c0b5b9daf4380b87d277be4b331cff8afaf060dc3b7ef12d302ba45c290325d
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
tcp_wrappers-7.6-57.el6.src.rpm     MD5: e708c0b5c36831e479c7cfad993abc71
SHA-256: 3c4da2315a63f1bae8a9c57c202b6fe609af28f260a35b51cd904947aa585859
 
x86_64:
tcp_wrappers-7.6-57.el6.x86_64.rpm     MD5: 0446af12595d29c512a6588011cc7ea4
SHA-256: a1ba29fb271a06ebd355c23996ef0124c146234a83bb8e4051c32aecc6ccb641
tcp_wrappers-debuginfo-7.6-57.el6.i686.rpm     MD5: b80af550c767eb39bd64d613949f5fcc
SHA-256: fcd1ae2b5371e231babaedd623dbc16dc7e76909293cb9679c9fba5d6dd905d7
tcp_wrappers-debuginfo-7.6-57.el6.x86_64.rpm     MD5: b569151c12d8ba7890ef986a9501c30f
SHA-256: d392a178fd1250807c12ff6fbe0d14244dd50abf8164c06b57cb7810af1b864a
tcp_wrappers-devel-7.6-57.el6.i686.rpm     MD5: e0472df2f8013e6e202e29754df961a9
SHA-256: db031f3ab64e4d4a077231104afab177bea0dd704a3de4994704672bfed1463d
tcp_wrappers-devel-7.6-57.el6.x86_64.rpm     MD5: f6a4b87f70e4d8952130794b04bf3830
SHA-256: 16dd8e1d1252acd0020874ad9f34d61e963dc2602315b16f57d570c46a1b8943
tcp_wrappers-libs-7.6-57.el6.i686.rpm     MD5: dbed0409287d9abe710fa8303cfabd53
SHA-256: eef19018597cbc1c8d52f63584e52f219f0e478ac13ec4e8e149db735b9b83eb
tcp_wrappers-libs-7.6-57.el6.x86_64.rpm     MD5: 418c63377fde9781bcb1fffb896ca427
SHA-256: 5c0b5b9daf4380b87d277be4b331cff8afaf060dc3b7ef12d302ba45c290325d
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
tcp_wrappers-7.6-57.el6.src.rpm     MD5: e708c0b5c36831e479c7cfad993abc71
SHA-256: 3c4da2315a63f1bae8a9c57c202b6fe609af28f260a35b51cd904947aa585859
 
IA-32:
tcp_wrappers-7.6-57.el6.i686.rpm     MD5: 0c675339f4ac57f9f30ed5abe088ee5f
SHA-256: a9416896f6dcdcfd3a8b190ad6cd5c6246e0b8004205ff083fe3cf4b56800d5c
tcp_wrappers-debuginfo-7.6-57.el6.i686.rpm     MD5: b80af550c767eb39bd64d613949f5fcc
SHA-256: fcd1ae2b5371e231babaedd623dbc16dc7e76909293cb9679c9fba5d6dd905d7
tcp_wrappers-devel-7.6-57.el6.i686.rpm     MD5: e0472df2f8013e6e202e29754df961a9
SHA-256: db031f3ab64e4d4a077231104afab177bea0dd704a3de4994704672bfed1463d
tcp_wrappers-libs-7.6-57.el6.i686.rpm     MD5: dbed0409287d9abe710fa8303cfabd53
SHA-256: eef19018597cbc1c8d52f63584e52f219f0e478ac13ec4e8e149db735b9b83eb
 
PPC:
tcp_wrappers-7.6-57.el6.ppc64.rpm     MD5: e5fc8e03e09f2e3de1d56bce2a36e063
SHA-256: be244b76ba1563834ec74eee85252c6db1af7c516b2f3ecc4b3f828b944d0661
tcp_wrappers-debuginfo-7.6-57.el6.ppc.rpm     MD5: e87cbfc9cc472926bb5e3216f830caff
SHA-256: 7c1a632a5e20eba9ef5c2e0d52cd9b58572fa47253ad2aaa5d3969fa70f6a031
tcp_wrappers-debuginfo-7.6-57.el6.ppc64.rpm     MD5: 81f0358eba797b9498c5949262df0829
SHA-256: f80d0d90acecbefe1f936c6d7c3aa41bdd73950d1423e82ba527efa0212d279e
tcp_wrappers-devel-7.6-57.el6.ppc.rpm     MD5: 3c44ed2d9c6ec484ef8c9554daed339e
SHA-256: 1bbb0d88e10b3a4707b464acec7a18e29b1c786e165679f4cbe34211f9e7d3b8
tcp_wrappers-devel-7.6-57.el6.ppc64.rpm     MD5: a9cf2f7e21f71238e540d5f3e9a3235d
SHA-256: 7ce7203a23d6890d38901ae5889811adc146a7f0df0262592a20750ed575cefd
tcp_wrappers-libs-7.6-57.el6.ppc.rpm     MD5: 2996bcf9d431ede9a56b7e08fc311975
SHA-256: d0a68598574eb755b7f0185396c73a939f7a21e3aa84317afc83742a697a7960
tcp_wrappers-libs-7.6-57.el6.ppc64.rpm     MD5: c445b89073af96cb981beea29e3de0f8
SHA-256: 11f5230ae44de9573011b0a3b03a849696a41d7ce8462e5f8f17990a6a0747dd
 
s390x:
tcp_wrappers-7.6-57.el6.s390x.rpm     MD5: 38238bbcd2c3ed628e3a5e699d13f380
SHA-256: e84701495ab312028f22119e41b54ace194f75a886058cb9c452d788ae10138d
tcp_wrappers-debuginfo-7.6-57.el6.s390.rpm     MD5: d188158c993ede39c2f12c0f5784dede
SHA-256: 82563bce74057ee051a3bc417f1577ad0f68acbb42c010c427451477dae18701
tcp_wrappers-debuginfo-7.6-57.el6.s390x.rpm     MD5: 98d0b8293901efde7c6855a95f0fa296
SHA-256: 403484f815b089f57e709840c4d9b2685c90fecdcd3cce9632f69a219721831f
tcp_wrappers-devel-7.6-57.el6.s390.rpm     MD5: 0438498cd2d9b431ab50a401c7531933
SHA-256: 6e758bb13df588104a561720b956e9ad17ad3a88641498e25d793ed4aa590ffe
tcp_wrappers-devel-7.6-57.el6.s390x.rpm     MD5: 4ff508fcffe1fe219c75fcc951171e7e
SHA-256: 4b10d410879212c43e5bfe3b242d57a3da54472e0ea24de6b7be6456ab20a9cc
tcp_wrappers-libs-7.6-57.el6.s390.rpm     MD5: 86c4603e50a052e7cc42282cb0e64c02
SHA-256: f5d2a8c3ebb88883d36936f5dc81faa85d28c3d50d956b9ae76e39f770209adb
tcp_wrappers-libs-7.6-57.el6.s390x.rpm     MD5: 4b8a8a417533c4cc0e5febdc5f783dfa
SHA-256: 3f2ba68a7a89957a1e6c44a1868f54056eb6d76299cbeb7fe2d86f5d7b668d15
 
x86_64:
tcp_wrappers-7.6-57.el6.x86_64.rpm     MD5: 0446af12595d29c512a6588011cc7ea4
SHA-256: a1ba29fb271a06ebd355c23996ef0124c146234a83bb8e4051c32aecc6ccb641
tcp_wrappers-debuginfo-7.6-57.el6.i686.rpm     MD5: b80af550c767eb39bd64d613949f5fcc
SHA-256: fcd1ae2b5371e231babaedd623dbc16dc7e76909293cb9679c9fba5d6dd905d7
tcp_wrappers-debuginfo-7.6-57.el6.x86_64.rpm     MD5: b569151c12d8ba7890ef986a9501c30f
SHA-256: d392a178fd1250807c12ff6fbe0d14244dd50abf8164c06b57cb7810af1b864a
tcp_wrappers-devel-7.6-57.el6.i686.rpm     MD5: e0472df2f8013e6e202e29754df961a9
SHA-256: db031f3ab64e4d4a077231104afab177bea0dd704a3de4994704672bfed1463d
tcp_wrappers-devel-7.6-57.el6.x86_64.rpm     MD5: f6a4b87f70e4d8952130794b04bf3830
SHA-256: 16dd8e1d1252acd0020874ad9f34d61e963dc2602315b16f57d570c46a1b8943
tcp_wrappers-libs-7.6-57.el6.i686.rpm     MD5: dbed0409287d9abe710fa8303cfabd53
SHA-256: eef19018597cbc1c8d52f63584e52f219f0e478ac13ec4e8e149db735b9b83eb
tcp_wrappers-libs-7.6-57.el6.x86_64.rpm     MD5: 418c63377fde9781bcb1fffb896ca427
SHA-256: 5c0b5b9daf4380b87d277be4b331cff8afaf060dc3b7ef12d302ba45c290325d
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
tcp_wrappers-7.6-57.el6.src.rpm     MD5: e708c0b5c36831e479c7cfad993abc71
SHA-256: 3c4da2315a63f1bae8a9c57c202b6fe609af28f260a35b51cd904947aa585859
 
IA-32:
tcp_wrappers-7.6-57.el6.i686.rpm     MD5: 0c675339f4ac57f9f30ed5abe088ee5f
SHA-256: a9416896f6dcdcfd3a8b190ad6cd5c6246e0b8004205ff083fe3cf4b56800d5c
tcp_wrappers-debuginfo-7.6-57.el6.i686.rpm     MD5: b80af550c767eb39bd64d613949f5fcc
SHA-256: fcd1ae2b5371e231babaedd623dbc16dc7e76909293cb9679c9fba5d6dd905d7
tcp_wrappers-devel-7.6-57.el6.i686.rpm     MD5: e0472df2f8013e6e202e29754df961a9
SHA-256: db031f3ab64e4d4a077231104afab177bea0dd704a3de4994704672bfed1463d
tcp_wrappers-libs-7.6-57.el6.i686.rpm     MD5: dbed0409287d9abe710fa8303cfabd53
SHA-256: eef19018597cbc1c8d52f63584e52f219f0e478ac13ec4e8e149db735b9b83eb
 
x86_64:
tcp_wrappers-7.6-57.el6.x86_64.rpm     MD5: 0446af12595d29c512a6588011cc7ea4
SHA-256: a1ba29fb271a06ebd355c23996ef0124c146234a83bb8e4051c32aecc6ccb641
tcp_wrappers-debuginfo-7.6-57.el6.i686.rpm     MD5: b80af550c767eb39bd64d613949f5fcc
SHA-256: fcd1ae2b5371e231babaedd623dbc16dc7e76909293cb9679c9fba5d6dd905d7
tcp_wrappers-debuginfo-7.6-57.el6.x86_64.rpm     MD5: b569151c12d8ba7890ef986a9501c30f
SHA-256: d392a178fd1250807c12ff6fbe0d14244dd50abf8164c06b57cb7810af1b864a
tcp_wrappers-devel-7.6-57.el6.i686.rpm     MD5: e0472df2f8013e6e202e29754df961a9
SHA-256: db031f3ab64e4d4a077231104afab177bea0dd704a3de4994704672bfed1463d
tcp_wrappers-devel-7.6-57.el6.x86_64.rpm     MD5: f6a4b87f70e4d8952130794b04bf3830
SHA-256: 16dd8e1d1252acd0020874ad9f34d61e963dc2602315b16f57d570c46a1b8943
tcp_wrappers-libs-7.6-57.el6.i686.rpm     MD5: dbed0409287d9abe710fa8303cfabd53
SHA-256: eef19018597cbc1c8d52f63584e52f219f0e478ac13ec4e8e149db735b9b83eb
tcp_wrappers-libs-7.6-57.el6.x86_64.rpm     MD5: 418c63377fde9781bcb1fffb896ca427
SHA-256: 5c0b5b9daf4380b87d277be4b331cff8afaf060dc3b7ef12d302ba45c290325d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

727287 - Request to recompile libraries with -Wl,-z,relro flags


Keywords

RELRO


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/