Debian Bug report logs -
#799307
rpcbind: CVE-2015-7236: remote triggerable use-after-free in rpcbind
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 17 Sep 2015 18:18:01 UTC
Severity: grave
Tags: patch, security, upstream
Found in version rpcbind/0.2.0-4.1
Fixed in versions rpcbind/0.2.0-4.1+deb6u1, rpcbind/0.2.1-6+deb8u1, rpcbind/0.2.0-8+deb7u1, rpcbind/0.2.1-6.1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#799307; Package src:rpcbind.
(Thu, 17 Sep 2015 18:18:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>.
(Thu, 17 Sep 2015 18:18:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: rpcbind
Version: 0.2.0-4.1
Severity: grave
Tags: security upstream patch
Justification: user security hole
Hi,
the following vulnerability was published for rpcbind.
CVE-2015-7236[0]:
remote triggerable use-after-free in rpcbind
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-7236
[1] http://www.spinics.net/lists/linux-nfs/msg53045.html
[2] https://bugzilla.suse.com/show_bug.cgi?id=946204
Regards,
Salvatore
Marked as fixed in versions rpcbind/0.2.0-4.1+deb6u1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 21 Sep 2015 15:09:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#799307; Package src:rpcbind.
(Wed, 23 Sep 2015 15:27:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>.
(Wed, 23 Sep 2015 15:27:03 GMT) (full text, mbox, link).
Message #12 received at 799307@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi Anibal,
On Thu, Sep 17, 2015 at 08:14:59PM +0200, Salvatore Bonaccorso wrote:
> Source: rpcbind
> Version: 0.2.0-4.1
> Severity: grave
> Tags: security upstream patch
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for rpcbind.
>
> CVE-2015-7236[0]:
> remote triggerable use-after-free in rpcbind
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-7236
> [1] http://www.spinics.net/lists/linux-nfs/msg53045.html
> [2] https://bugzilla.suse.com/show_bug.cgi?id=946204
Attached is proposed debdiff (which matches what I uploaded to
security-master, but not yet released). Do you handle the upload to
unstable yourself? I can otherwise do a NMU with attached debdiff.
Regards,
Salvatore
[rpcbind_0.2.1-6.1.debdiff (text/plain, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#799307; Package src:rpcbind.
(Thu, 24 Sep 2015 15:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>.
(Thu, 24 Sep 2015 15:21:04 GMT) (full text, mbox, link).
Message #17 received at 799307@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 799307 + pending
Dear Anibal,
I've prepared an NMU for rpcbind (versioned as 0.2.1-6.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Salvatore
[rpcbind-0.2.1-6.1-nmu.diff (text/x-diff, attachment)]
Added tag(s) pending.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 799307-submit@bugs.debian.org.
(Thu, 24 Sep 2015 15:21:04 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 26 Sep 2015 12:51:11 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sat, 26 Sep 2015 12:51:11 GMT) (full text, mbox, link).
Message #24 received at 799307-close@bugs.debian.org (full text, mbox, reply):
Source: rpcbind
Source-Version: 0.2.1-6+deb8u1
We believe that the bug you reported is fixed in the latest version of
rpcbind, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 799307@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated rpcbind package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 18 Sep 2015 18:45:15 +0200
Source: rpcbind
Binary: rpcbind
Architecture: source
Version: 0.2.1-6+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 799307
Description:
rpcbind - converts RPC program numbers into universal addresses
Changes:
rpcbind (0.2.1-6+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2015-7236.patch patch.
CVE-2015-7236: Memory corruption in PMAP_CALLIT code leading to denial
of service. (Closes: #799307)
Checksums-Sha1:
2993e65dd3de5bd172bcff1c539f1d68a31f79d7 1821 rpcbind_0.2.1-6+deb8u1.dsc
d1ca8ce155d98d4f1c1dd40fa747a2144a42cb61 110681 rpcbind_0.2.1.orig.tar.bz2
ecde06a99c76bcbbed4421442f8d2c2d0c153402 9656 rpcbind_0.2.1-6+deb8u1.debian.tar.xz
Checksums-Sha256:
3d723cbc9fb8347dfa05bdecd80e21265d7f3c9248ce984e65c0efe8308a6f64 1821 rpcbind_0.2.1-6+deb8u1.dsc
da169ff877a5a07581fad50a9a808ac6e96f0c277a3df49a7ef005778428496e 110681 rpcbind_0.2.1.orig.tar.bz2
4fe76122be711377924fc2267d0b1e93d7d6eafb6503796a615fad77c9cac9a6 9656 rpcbind_0.2.1-6+deb8u1.debian.tar.xz
Files:
c36d24556ae05475170c3a4ffb819efb 1821 net standard rpcbind_0.2.1-6+deb8u1.dsc
0a5f9c2142af814c55d957aaab3bcc68 110681 net standard rpcbind_0.2.1.orig.tar.bz2
680b1e43d633ed8772c7494bc5c9619c 9656 net standard rpcbind_0.2.1-6+deb8u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJV/vL+AAoJEAVMuPMTQ89EjkoQAKFiOt0VRZy+ToeNCjQwPwbo
xI3ejwUOVdKXqEH++kbIZYJVCNoxOwmgNlGwgVNyTuBzVfNfZ4eyd3dZh/Ef9C3L
KkBShjyckxudBB/m5t/o1BBStCyXEI/uiEvjRw8oAqsmYIM6sxGC3noYm0fnud7n
64XrDlxC79cR4Fta3CtrCga68ZaDpd21tXtE0FOR9UlEeSinm/7N68KECk6/lc8q
NIW14ImZv513pPOaLYPPaE77CWEpecDXlDLICoNrpqTLMl1UOGBIxW5av8G3MGGC
NmL1VezgKOky8tGvnEpx50a6IYbGZSHyiHzvRRYhizHMe+DiK1T7ZPzJllG62CPj
feI576IKThJtXyVNUbUAjYPLfJ1pS6bWZ5LGmyc3/caf+Vof04zihYtpqbBpYHrB
zgRr+3agZMMVp3qBdOZVXBnfRNZuIQo4+se5WkY+XFIYRKB6yHYYF8mO6N1oAta4
wIMqEhsgodP+eivqmmIdmbOjkDf9M+R/djCXcxMgg6jSicjHjRQ6aqbxmIoVxJPL
sO6PxpdD4+UAPrAyhbi1OmqaORzS0p1ioSVWdc4E0NBVGAOhd5b/tJw4nwRxbO81
0boUMedNDjNjza6OaUlVXd2GoXvzNDFTVq5jGR5w7sY5cJpevedy5XH5LIYT9KTU
LV3igy1C14NqP8B0NjzQ
=WBlV
-----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 26 Sep 2015 12:51:14 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sat, 26 Sep 2015 12:51:14 GMT) (full text, mbox, link).
Message #29 received at 799307-close@bugs.debian.org (full text, mbox, reply):
Source: rpcbind
Source-Version: 0.2.0-8+deb7u1
We believe that the bug you reported is fixed in the latest version of
rpcbind, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 799307@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated rpcbind package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 18 Sep 2015 18:46:48 +0200
Source: rpcbind
Binary: rpcbind
Architecture: source amd64
Version: 0.2.0-8+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
rpcbind - converts RPC program numbers into universal addresses
Closes: 799307
Changes:
rpcbind (0.2.0-8+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2015-7236.patch patch.
CVE-2015-7236: Memory corruption in PMAP_CALLIT code leading to denial
of service. (Closes: #799307)
Checksums-Sha1:
5e51a52a1224d7945c2901bf40c888571b804bf1 1831 rpcbind_0.2.0-8+deb7u1.dsc
02f077372a76a8f9adfa696004aa437212c28617 271018 rpcbind_0.2.0.orig.tar.bz2
31e489aa3f26ab77ce569abd498670e26a08a395 8551 rpcbind_0.2.0-8+deb7u1.debian.tar.bz2
9f0120ac0ee8fac9bd37e8ab025390c22a86db7b 46870 rpcbind_0.2.0-8+deb7u1_amd64.deb
Checksums-Sha256:
e3d3c4222b361241df0a12100cc72df620b59a3e915cb606c616dce59b1d6cce 1831 rpcbind_0.2.0-8+deb7u1.dsc
c92f263e0353887f16379d7708ef1fb4c7eedcf20448bc1e4838f59497a00de3 271018 rpcbind_0.2.0.orig.tar.bz2
305d6fc9ec4955620c3bbf0eed618b5c6c17cbda1ca274185cb44e6d210d77ce 8551 rpcbind_0.2.0-8+deb7u1.debian.tar.bz2
ab32d000f164de7df61e250d1d7298f8d6adb5404a3195afef0d6e7a07a76d63 46870 rpcbind_0.2.0-8+deb7u1_amd64.deb
Files:
fd252f29e5c233844732f57363e61095 1831 net standard rpcbind_0.2.0-8+deb7u1.dsc
1a77ddb1aaea8099ab19c351eeb26316 271018 net standard rpcbind_0.2.0.orig.tar.bz2
6ead3392b61c27a9c33118aea36eec02 8551 net standard rpcbind_0.2.0-8+deb7u1.debian.tar.bz2
ef9011ef03cea5cf1212885ea9018d37 46870 net standard rpcbind_0.2.0-8+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJV/vNnAAoJEAVMuPMTQ89EbC0P/332enHL77jkheDoUukp+38/
XjtjsEVmm8zAoWWrbFM062LElZdhhjpiH0kb6YOsymfuYy9izmZWigRO2ThN/Obl
/Qragy6L3scQG+s+IZ4VEE9OO8SM/hUbPvn6EXaSL1/buape1RO2BrHbTXYEZUh8
6ocFcF1QVrRb9R5gPyKa6geIdiGHHKgD+CXutD1qwpGkOLB+n01ztUOroMVE5h/9
EMW+60yVKmq3lAtgM0IFXYfXnZyOf+IAXlUIRijgfQPX6sghssinWCVIqC7xVrrF
DGwNr9aycNZzlVNmRVx39n3tRSpjMu6xcHPSP6DvSqCXVi1wJAhiACKkNQhMQXF/
K9wGS2r58f40/xxVYKpDSwJ0idhzjWyOOg1HaP8fHtxxfq/OdByDCGjI9bJO49Ry
Pq+vbQpXU6G7BKcVLgJfCqqmlSsrKjFmUPNGhZgvqEeReF22Gu8/t52PY03rfv1c
QIqNihTw5Z4u1B+BPr4M85tapjZtEcNYJVQxfVIGp8WYi4J+IbzHlzgGyL+DpcGt
kUogCmWb8an0C6gjRGpSzKK+kInlP2Ko8ZY2nDVwPfsdropCcc05CI4R1+t7JV+M
FPZ5xX+3G/EqPhK9mvneoNn6UA0Fsd8Kdaiv0w11c/RQXk8pKLpPsqPgYUkisKPf
e02xv/s7ReuJWt9KZ57b
=NOfe
-----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 26 Sep 2015 15:45:05 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sat, 26 Sep 2015 15:45:05 GMT) (full text, mbox, link).
Message #34 received at 799307-close@bugs.debian.org (full text, mbox, reply):
Source: rpcbind
Source-Version: 0.2.1-6.1
We believe that the bug you reported is fixed in the latest version of
rpcbind, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 799307@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated rpcbind package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Sep 2015 16:33:12 +0200
Source: rpcbind
Binary: rpcbind
Architecture: source
Version: 0.2.1-6.1
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 799307
Description:
rpcbind - converts RPC program numbers into universal addresses
Changes:
rpcbind (0.2.1-6.1) unstable; urgency=high
.
* Non-maintainer upload.
* Add CVE-2015-7236.patch patch.
CVE-2015-7236: Memory corruption in PMAP_CALLIT code leading to denial
of service. (Closes: #799307)
Checksums-Sha1:
26059be5f6a4fbcbafeacf2841095a9afd9aedea 1801 rpcbind_0.2.1-6.1.dsc
ec1a70b83b01fc35bb23992cd45f379685b9bd2d 9636 rpcbind_0.2.1-6.1.debian.tar.xz
Checksums-Sha256:
20909b310ebc9c7c00bde7f0ffab305874338cce115861ec5e02d311a3ed08e4 1801 rpcbind_0.2.1-6.1.dsc
bef3f44fec69768e6e6f512a36a2ad3acee3e070912377af0409ff7cf4d50fb2 9636 rpcbind_0.2.1-6.1.debian.tar.xz
Files:
eb445c40bce55d80ab7ac09b6f70c4d8 1801 net standard rpcbind_0.2.1-6.1.dsc
b812be7a409ff847d9497df49ce6534d 9636 net standard rpcbind_0.2.1-6.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWBBNvAAoJEAVMuPMTQ89ETMoP/iDUA6Q9PXPheE/icrCINS0o
YDq9M/i4et41VZY48CobT8Z0UbZG79jyQYSgJyr9YQ/Usl8aetQeAMkm1IT1Zmo1
vYmtwgl74vA5ApicoIHjRDzZgkJK7Yr97QfWlqMPEH9NnWJ/d/Pq89uQiFJhUGE2
WwIyPDzqZUAVcd+SkgZHo8o3yI7rHxjbJ8PWUbL4IflsSwjVLyVWfu8CSdvk8bfG
uBtbEjO8/PRCCy0DULTeVCp/HpgSpmQttzomy6+0IufQ525nf7dHnCoZP8d4ftYH
iXFdeb3TaEjqE0O52yNWm7Y/NK7SwXlZuqw30zCmpLiavoXmKSon0he+5niPQa7a
IZo0RHAfzeeDXEs4bl7URABVUvjUE52W5SfqY45YobSjUHbV8NCCcm0s7TEb/ujP
pHfOc4F8D1S8cdYnMM11Jh4sJrPTRcQkL5Ps6jW28tfOxtszI0n4sgU3U+8JYGv7
0Nqr6aEAP7JYHaW6bubidIuRyOAwGnZP19CwX+c8u0/xbT7DBnUefJJqwG51ZQLl
QGJPHb5l1onu3kLcbPmQNIepiLbbxqe1flR3XbULjb3BrRj+TFoW0SbcwwvtXw8o
+G0hkdD69LX8DyvspVyrVQfji2TdF/KwjlK+8DTZy80zfu1EVnsJuFdIE7BkUfqo
2vIIHQ7c0fb0GIm/kJC4
=fx2L
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 24 Jan 2016 07:25:28 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:31:18 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon