Debian Bug report logs - #861834
libtirpc: CVE-2017-8779
Package: src:libtirpc;
Maintainer for src:libtirpc is Anibal Monsalve Salazar <anibal@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 4 May 2017 15:03:02 UTC
Severity: grave
Tags: patch, security, upstream
Found in version libtir ...
Guido Vranken discovered that incorrect memory management in libtirpc,
a transport-independent RPC library used by rpcbind and other programs,
may result in denial of service via memory exhaustion (depending on
memory management settings).
For the stable distribution (jessie), this problem has been fixed in
version 0.2.5-1+deb8u1 of libtirpc and ver ...
Several security issues were fixed in libtirpc ...
Synopsis
Important: rpcbind security update
Type/Severity
Security Advisory: Important
Topic
An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Important: libtirpc security update
Type/Severity
Security Advisory: Important
Topic
An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis
Important: libtirpc security update
Type/Severity
Security Advisory: Important
Topic
An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis
Important: libntirpc security update
Type/Severity
Security Advisory: Important
Topic
An update for libntirpc is now available for Red Hat Gluster Storage 3.2 for RHEL 6 and Red Hat Gluster Storage 3.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Importan ...
Synopsis
Important: rpcbind security update
Type/Severity
Security Advisory: Important
Topic
An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Memory leak when failing to parse XDR strings or bytearrays
It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM ...
It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) ...
It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer ...
It was found that libtirpc and libntirpc fail to free a buffer allocated for parsing XDR blocks when parsing fails due to insufficient input data being available. A specially crafted message sent to a service such as rpcbind results in a memory leak, causing the application to crash or other processes to be impacted via the OOM killer ...