Univention Bugzilla – Bug 40023
rpcbind: Denial of Service (4.1)
Last modified: 2016-10-05 12:46:39 CEST
+++ This bug was initially created as a clone of Bug #39548 +++

Upstream Debian package version 0.2.0-8+deb7u1 fixes this issue:

* A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash) (CVE-2015-7236)

nfs-common depends on this process in UCS 4.0-x.
repo_admin.py --cherrypick -r 4.0 -s errata4.0-4 --releasedest 4.1 --dest errata4.1-0 -p rpcbind

Package: rpcbind
Version: 0.2.0-8.8.201511231144
Branch: ucs_4.1-0
Scope: errata4.1-0

r65843 | Bug #40023. rpcbind YAML rpcbind.yaml
OK: DEBIAN_FRONTEND=noninteractive apt-get install --reinstall -y rpcbind
OK: advisory
OK: Tests:
# rpcinfo
# rpcinfo -b 100003 2
<http://errata.software-univention.de/ucs/4.1/21.html>