rpcbind-0.2.0-13.0.1.AXS4

エラータID: AXSA:2017-1657:02

Release date: 
Tuesday, May 23, 2017 - 17:16
Subject: 
rpcbind-0.2.0-13.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The rpcbind utility is a server that converts RPC program numbers into
universal addresses. It must be running on the host to be able to make
RPC calls on a server on that machine.

Security issues fixed with this release:

CVE-2017-8779
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through
1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC
data size during memory allocation for XDR strings, which allows remote
attackers to cause a denial of service (memory consumption with no
subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

Solution: 

Update packages.

CVEs: 
CVE-2017-8779
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
Additional Info: 

N/A

Download: 

SRPMS
  1. rpcbind-0.2.0-13.0.1.AXS4.src.rpm
    MD5: ec68417c2d5a9abd1651acb63aa764f9
    SHA-256: 95349b8a79f9fd728c39778c24a93607eb168550e72405aa21d1955ead2808eb
    Size: 283.92 kB

Asianux Server 4 for x86
  1. rpcbind-0.2.0-13.0.1.AXS4.i686.rpm
    MD5: 4a8ae4e338787c9c6dc2e53052b232c1
    SHA-256: 7672d6f52958788d94592ac0dfdd79c5d2023c68f59c0e962a055bc793527bdd
    Size: 50.58 kB

Asianux Server 4 for x86_64
  1. rpcbind-0.2.0-13.0.1.AXS4.x86_64.rpm
    MD5: f4635d962bf6badd020c663b54838265
    SHA-256: 637a62d6412b45140898214cc94667aac835309f38e2401d59f8bc115ce0c672
    Size: 50.55 kB