SCIENTIFIC-LINUX-USERS Archives

May 2017

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
"Gilbert E. Detillieux" <[log in to unmask]>
Reply To:
Gilbert E. Detillieux
Date:
Tue, 23 May 2017 15:43:49 -0500
I'm likewise seeing the same failure of rpcbind after upgrading it and 
libtirpc on my SL7 systems...

May 23 15:37:38 localhost yum[6929]: Updated: libtirpc-0.2.4-0.8.el7_3.x86_64
May 23 15:37:38 localhost yum[6929]: Updated: rpcbind-0.2.0-38.el7_3.x86_64
May 23 15:37:40 localhost systemd[1]: rpcbind.service: main process exited, code=killed, status=6/ABRT
May 23 15:37:40 localhost systemd[1]: Unit rpcbind.service entered failed state.
May 23 15:37:40 localhost systemd[1]: rpcbind.service failed.

Downgraded the packages to fix the problem.

Gilbert

On 22/05/2017 2:57 PM, Pat Riehecky wrote:
> Synopsis:          Important: rpcbind security update
> Advisory ID:       SLSA-2017:1262-1
> Issue Date:        2017-05-21
> CVE Numbers:       CVE-2017-8779
> --
> 
> Security Fix(es):
> 
> * It was found that due to the way rpcbind uses libtirpc (libntirpc), a
> memory leak can occur when parsing specially crafted XDR messages. An
> attacker sending thousands of messages to rpcbind could cause its memory
> usage to grow without bound, eventually causing it to be terminated by the
> OOM killer. (CVE-2017-8779)
> --
> 
> SL7
>    x86_64
>      rpcbind-0.2.0-38.el7_3.x86_64.rpm
>      rpcbind-debuginfo-0.2.0-38.el7_3.x86_64.rpm
> 
> - Scientific Linux Development Team

-- 
Gilbert E. Detillieux		E-mail:	<[log in to unmask]>
Dept. of Computer Science	Web:	http://www.cs.umanitoba.ca/~gedetil/
University of Manitoba		Phone:	(204)474-8161
Winnipeg MB CANADA  R3T 2N2	Fax:	(204)474-7609
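
The following is an added example, not part of the original message or of any Scientific Linux tooling: it correlates yum "Updated:" entries with systemd "main process exited" entries in syslog text like the lines quoted above, so a service that aborts right after a security update is flagged together with the packages that changed. The function name, the five-minute window and the default year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the syslog lines quoted in the message above.
SAMPLE_LOG = """\
May 23 15:37:38 localhost yum[6929]: Updated: libtirpc-0.2.4-0.8.el7_3.x86_64
May 23 15:37:38 localhost yum[6929]: Updated: rpcbind-0.2.0-38.el7_3.x86_64
May 23 15:37:40 localhost systemd[1]: rpcbind.service: main process exited, code=killed, status=6/ABRT
May 23 15:37:40 localhost systemd[1]: Unit rpcbind.service entered failed state.
May 23 15:37:40 localhost systemd[1]: rpcbind.service failed.
"""

# "<Mon DD HH:MM:SS> <host> <program>[<pid>]: <message>"
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([\w.-]+)\[\d+\]: (.*)$")
UPDATED = re.compile(r"^Updated: (\S+)$")
EXITED = re.compile(r"^(\S+)\.service: main process exited, code=(\w+), status=(\S+)$")


def find_post_update_crashes(log_text, year=2017, window=timedelta(minutes=5)):
    """Return [(service, exit status, [packages updated within `window` before it])].

    Hypothetical helper for illustration. Syslog timestamps carry no year,
    so the caller supplies one.
    """
    updates = []   # (timestamp, package NEVRA) seen so far
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, _host, prog, msg = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if prog == "yum" and (u := UPDATED.match(msg)):
            updates.append((ts, u.group(1)))
        elif prog == "systemd" and (k := EXITED.match(msg)) and k.group(2) != "exited":
            # code=killed/dumped means the process died on a signal
            recent = [p for t, p in updates if timedelta(0) <= ts - t <= window]
            findings.append((k.group(1), k.group(3), recent))
    return findings


if __name__ == "__main__":
    for service, status, pkgs in find_post_update_crashes(SAMPLE_LOG):
        print(f"{service} died with {status} after updating: {', '.join(pkgs) or 'nothing recent'}")
```
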
