Security Information / 2017 / Security Information -- DSA-3845-1 libtirpc

Debian Security Advisory

DSA-3845-1 libtirpc -- security update

Date Reported:

08 May 2017

Affected Packages:

libtirpc

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-8779.

More information:

Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings).

For the stable distribution (jessie), this problem has been fixed in version 0.2.5-1+deb8u1 of libtirpc and version 0.2.1-6+deb8u2 of rpcbind.

For the upcoming stable distribution (stretch), this problem has been fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

For the unstable distribution (sid), this problem has been fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

We recommend that you upgrade your libtirpc packages.