Univention Bugzilla – Bug 39548
rpcbind: Denial of Service (4.0)
Last modified: 2015-12-09 12:58:17 CET
Upstream Debian package version 0.2.0-8+deb7u1 fixes this issue:

* A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash) (CVE-2015-7236)

nfs-common depends on this process in UCS 4.0-x.
repo_admin.py -U -d wheezy -p rpcbind -r 4.0-0-0 -s errata4.0-4
Package: rpcbind
Version: 0.2.0-8.7.201511231138
Branch: ucs_4.0-0
Scope: errata4.0-4

r65842 | Bug #39548. rpcbind YAML rpcbind.yaml

# apt-cache policy rpcbind
rpcbind:
  Installiert: 0.2.0-8.6.201403161928
  Installationskandidat: 0.2.0-8.7.201511231138
  Versionstabelle:
     0.2.0-8.7.201511231138 0
        500 http://omar.knut.univention.de/build2/ ucs_4.0-0-errata4.0-4/i386/ Packages
 *** 0.2.0-8.6.201403161928 0
        500 http://univention-repository.knut.univention.de/4.0/maintained/ 4.0-0/i386/ Packages
        100 /var/lib/dpkg/status
# apt-get install rpcbind
# zless /usr/share/doc/rpcbind/changelog.Debian.gz
# rpcinfo
UCS 4.0-3 is still maintained, therefore this should be "version: [3,4]"
(In reply to Janek Walkenhorst from comment #2)
> UCS 4.0-3 is still maintained, therefore this should be "version: [3,4]"

r65918 | Bug #40023. rpcbind YAML rpcbind.yaml
Advisory: OK
Tests (i386, amd64): OK
<http://errata.software-univention.de/ucs/4.0/369.html>