After installing the rpcbind and related libtirpc updates, rpcbind 
stopped working on all my SL6 systems...

May 23 09:40:40 localhost yum[17807]: Updated: 
libtirpc-0.2.1-13.el6_9.x86_64
May 23 09:40:41 localhost yum[17807]: Updated: rpcbind-0.2.0-13.el6_9.x86_64
May 23 09:40:41 localhost rpcbind: rpcbind terminating on signal. 
Restart with "rpcbind -w"

Attempts to manually restart the rpcbind service failed in the same way. 
  (Rebooting also didn't help.)  In the end, I downgraded both of these 
packages to get rpcbind working again.

Anyone else having issues with this one?

Gilbert

On 23/05/2017 9:26 AM, Pat Riehecky wrote:
> Synopsis:          Important: rpcbind security update
> Advisory ID:       SLSA-2017:1267-1
> Issue Date:        2017-05-23
> CVE Numbers:       CVE-2017-8779
> --
> 
> Security Fix(es):
> 
> * It was found that due to the way rpcbind uses libtirpc (libntirpc), a
> memory leak can occur when parsing specially crafted XDR messages. An
> attacker sending thousands of messages to rpcbind could cause its memory
> usage to grow without bound, eventually causing it to be terminated by the
> OOM killer. (CVE-2017-8779)
> --
> 
> SL6
>    x86_64
>      rpcbind-0.2.0-13.el6_9.x86_64.rpm
>      rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm
>    i386
>      rpcbind-0.2.0-13.el6_9.i686.rpm
>      rpcbind-debuginfo-0.2.0-13.el6_9.i686.rpm
> 
> - Scientific Linux Development Team

-- 
Gilbert E. Detillieux		E-mail:	<[log in to unmask]>
Dept. of Computer Science	Web:	http://www.cs.umanitoba.ca/~gedetil/
University of Manitoba		Phone:	(204)474-8161
Winnipeg MB CANADA  R3T 2N2	Fax:	(204)474-7609