Reply To: | Gilbert E. Detillieux |
Date: | Tue, 23 May 2017 15:30:06 -0500 |
Content-Type: | text/plain |

After installing the rpcbind and related libtirpc updates, rpcbind
stopped working on all my SL6 systems...

May 23 09:40:40 localhost yum[17807]: Updated: libtirpc-0.2.1-13.el6_9.x86_64
May 23 09:40:41 localhost yum[17807]: Updated: rpcbind-0.2.0-13.el6_9.x86_64
May 23 09:40:41 localhost rpcbind: rpcbind terminating on signal. Restart with "rpcbind -w"

Attempts to manually restart the rpcbind service failed in the same way.
(Rebooting also didn't help.) In the end, I downgraded both of these
packages to get rpcbind working again.

Anyone else having issues with this one?

Gilbert

On 23/05/2017 9:26 AM, Pat Riehecky wrote:
> Synopsis: Important: rpcbind security update
> Advisory ID: SLSA-2017:1267-1
> Issue Date: 2017-05-23
> CVE Numbers: CVE-2017-8779
> --
>
> Security Fix(es):
>
> * It was found that due to the way rpcbind uses libtirpc (libntirpc), a
> memory leak can occur when parsing specially crafted XDR messages. An
> attacker sending thousands of messages to rpcbind could cause its memory
> usage to grow without bound, eventually causing it to be terminated by the
> OOM killer. (CVE-2017-8779)
> --
>
> SL6
> x86_64
> rpcbind-0.2.0-13.el6_9.x86_64.rpm
> rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm
> i386
> rpcbind-0.2.0-13.el6_9.i686.rpm
> rpcbind-debuginfo-0.2.0-13.el6_9.i686.rpm
>
> - Scientific Linux Development Team
--
Gilbert E. Detillieux E-mail: <[log in to unmask]>
Dept. of Computer Science Web: http://www.cs.umanitoba.ca/~gedetil/
University of Manitoba Phone: (204)474-8161
Winnipeg MB CANADA R3T 2N2 Fax: (204)474-7609