[ubuntu/bionic-security] rpcbind 0.2.3-0.6ubuntu0.18.04.2 (Accepted)

Wed Jun 9 11:07:12 UTC 2021

rpcbind (0.2.3-0.6ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via memory consumption (LP: #1925280)
    - debian/patches/CVE-2017-8779.patch: pair all svc_getargs() calls with
      svc_freeargs() to avoid memory leak in src/pmap_svc.c,
      src/rpcb_svc.c, src/rpcb_svc_4.c, src/rpcb_svc_com.c.
    - debian/patches/CVE-2017-8779-2.patch: fix building without
      --enable-debug in src/pmap_svc.c.
    - The patch included in 0.2.3-0.6 did not correctly fix this issue.
    - CVE-2017-8779

Date: 2021-06-08 13:38:09.462904+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/rpcbind/0.2.3-0.6ubuntu0.18.04.2
-------------- next part --------------
Sorry, changesfile not available.