[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 311-1] rpcbind security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : rpcbind
Version        : 0.2.0-4.1+deb6u1
CVE ID         : CVE-2015-7236


A use-after-free vulnerability in rpcbind causing remotely triggerable crash was found. Rpcbind crashes in svc_dodestroy when trying to free a corrupted xprt->xp_netid pointer, which contains a sockaddr_in.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJV/rx3XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHCBgP/3pUB25tiqd9Svlb2enpyosp
+NyH1NHIuGxY2GwtgapzmYTX8Gs81p+eEjiX2/VM8wrmZuX94nPySdUlfGuXUE8m
yXnFTx1S/DTw76q4wDBPdUHKAYRrHj9VANYdiKV4FUBAHTDSJh+xFhaW3pqkIGC9
iaLdOsblV7aLuGcLTrM/mLa23ZCIYPUPImFrC6UDKI1skez9OUjnTz1EYdA6CPlE
CCApXxreC+Dltz/sxhHUVCb1zJq55FI77ZuHDqDD5GUc4ijwb9c1Jy6h20PIIMHh
Lm+v5pqlSKzHeMcbPghyMPYTqrWEY7BJV42d/oqLmlx/UfKIs3ktN7ThTSGWidIC
dU6GkzpTWJpNJJm3EhIQsPB9gZuW7ByxuVPuD9qf5abjIuRNaZCCCcsygFpIG4ME
xihYe3QiHOO924dHgRuZR7AE7be0FdwfrtnYBCEIKY3fDF6ZgxEqVSY7LpPXCAvn
eMPJlepHSay4z3Aj9ROQPc5K5iUmTandk8oYMvJ7orDNSnLQOzz6zYgatIE3GjmL
qDceSSeZyNGlAeol9hKOsZl0ecdO4QXpXIVrALh+3rrG6+1TKUOjastOuAQQK0+R
2IwAS3Xyseygu3xKsTHWI67KMG0Wx0TYJzXa897vkSzFDRxaJ6QYyW3ftOK1rOD3
W6QdWA/OOcZDjd/pZl76
=vNK7
-----END PGP SIGNATURE-----


Reply to: