MGASA-2017-0183

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0183.html

Import Source

https://advisories.mageia.org/MGASA-2017-0183.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0183

Related

CVE-2017-8779

Published

2017-06-26T21:37:03Z

Modified

2017-06-26T21:15:16Z

Summary

Updated rpcbind/libtirpc packages fix security vulnerability

Details

It was discovered that rpcbind and libtirpc contain a vulnerability that allows an attacker to allocate any amount of bytes (up to 4 gigabytes per attack) on a remote rpcbind host, and the memory is never freed unless the process crashes or the administrator halts or restarts the rpcbind service. This can slow down the systemâs operations significantly or prevent other services from spawning processes entirely (CVE-2017-8779).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / rpcbind

Package

Name: rpcbind
Purl: pkg:rpm/mageia/rpcbind?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.2-1.2.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libtirpc

Package

Name: libtirpc
Purl: pkg:rpm/mageia/libtirpc?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.5-3.2.mga5

Ecosystem specific

{
    "section": "core"
}