rpcbind-0.2.0-38.0.1.el7.AXS7
エラータID: AXSA:2017-1656:01
Release date:
Tuesday, May 23, 2017 - 17:13
Subject:
rpcbind-0.2.0-38.0.1.el7.AXS7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The rpcbind utility is a server that converts RPC program numbers into
universal addresses. It must be running on the host to be able to make
RPC calls on a server on that machine.
Security issues fixed with this release:
CVE-2017-8779
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through
1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC
data size during memory allocation for XDR strings, which allows remote
attackers to cause a denial of service (memory consumption with no
subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Solution:
Update packages.
CVEs:
CVE-2017-8779
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Additional Info:
N/A
Download:
SRPMS
- rpcbind-0.2.0-38.0.1.el7.AXS7.src.rpm
MD5: 67430c07192b4aee03bee93cc3db4fbf
SHA-256: e5ba62c6d83b04745c8f8dfded7961d8d7e348c908b0529a281d6d24c280bea3
Size: 310.54 kB
Asianux Server 7 for x86_64
- rpcbind-0.2.0-38.0.1.el7.AXS7.x86_64.rpm
MD5: e8c3469719fdf264830775b130d23ac2
SHA-256: d91d72b8eb8291e8a67c92f387d14e8f7e71d017113d0872f0dd64931b027738
Size: 58.09 kB