Updated rpcbind/libtirpc packages fix security vulnerability
Publication date: 26 Jun 2017Modification date: 26 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-8779
Description
It was discovered that rpcbind and libtirpc contain a vulnerability that allows an attacker to allocate any amount of bytes (up to 4 gigabytes per attack) on a remote rpcbind host, and the memory is never freed unless the process crashes or the administrator halts or restarts the rpcbind service. This can slow down the system’s operations significantly or prevent other services from spawning processes entirely (CVE-2017-8779).
References
SRPMS
5/core
- rpcbind-0.2.2-1.2.mga5
- libtirpc-0.2.5-3.2.mga5