Описание
Security update for rpcbind
A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service.
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
rpcbind-0.1.6+git20080930-6.24.1
SUSE Linux Enterprise Desktop 11 SP4
rpcbind-0.1.6+git20080930-6.24.1
SUSE Linux Enterprise Server 11 SP3
rpcbind-0.1.6+git20080930-6.24.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
rpcbind-0.1.6+git20080930-6.24.1
SUSE Linux Enterprise Server 11 SP4
rpcbind-0.1.6+git20080930-6.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
rpcbind-0.1.6+git20080930-6.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
rpcbind-0.1.6+git20080930-6.24.1
Ссылки
- Link for SUSE-SU-2015:1706-1
- E-Mail link for SUSE-SU-2015:1706-1
- SUSE Security Ratings
- SUSE Bug 940191
- SUSE Bug 946204
- SUSE CVE CVE-2015-7236 page
Описание
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:rpcbind-0.1.6+git20080930-6.24.1
SUSE Linux Enterprise Desktop 11 SP4:rpcbind-0.1.6+git20080930-6.24.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:rpcbind-0.1.6+git20080930-6.24.1
SUSE Linux Enterprise Server 11 SP3:rpcbind-0.1.6+git20080930-6.24.1
Ссылки
- CVE-2015-7236
- SUSE Bug 940191
- SUSE Bug 946204
- SUSE Bug 979097