Debian Security Advisory
DLA-311-1 rpcbind -- LTS security update
- Date Reported:
- 20 Sep 2015
- Affected Packages:
- rpcbind
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-7236.
- More information:
-
A use-after-free vulnerability in rpcbind causing remotely triggerable crash was found. Rpcbind crashes in svc_dodestroy when trying to free a corrupted xprt->xp_netid pointer, which contains a sockaddr_in.