Debian Security Advisory
DSA-3845-1 libtirpc -- security update
- Date Reported:
- 08 May 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-8779.
- More information:
Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings).
For the stable distribution (jessie), this problem has been fixed in version 0.2.5-1+deb8u1 of libtirpc and version 0.2.1-6+deb8u2 of rpcbind.
For the upcoming stable distribution (stretch), this problem has been fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.
For the unstable distribution (sid), this problem has been fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.
We recommend that you upgrade your libtirpc packages.