Summary: | <net-nds/rpcbind-0.2.4-r1, <net-libs/libtirpc-1.0.1-r1: Unbounded maximum RPC data size during memory allocation for XDR strings (CVE-2017-8779) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | base-system, kfm |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1448124 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | =net-nds/rpcbind-0.2.4-r1 =net-libs/libtirpc-1.0.1-r1 |
Runtime testing required: | No |
Description
Agostino Sarubbo
2017-05-04 15:37:58 UTC
Bump done, will need to be re-stabilized.

Should be fine to stabilize, those patches look safe.

net-libs/libtirpc-1.0.1-r1
net-nds/rpcbind-0.2.4-r1

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d968a5aa9ebfa6bc766bed99370e164f08b9a0dc

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eae6e7a80bc2934ae1557731fc0ad71cd92af99b

amd64 stable

Stable for HPPA.

x86 stable

sparc stable

Stable on alpha.

ppc ppc64 stable

arm stable

Remaining arches are not part of security supported architectures, proceeding with security.

Arches please stabilize as soon as possible to secure package.

GLSA Vote: Yes

New GLSA Request filed.

ia64 please finish stabilization.

Maintainer(s), please drop the vulnerable version(s).

GLSA is going to be released.

This issue was resolved and addressed in GLSA 201706-07 at https://security.gentoo.org/glsa/201706-07 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architecture.

There's a typo in glsa-201706-07.xml / on glsa page, rpcbind affected/unaffected version is set to "0.2.4-r", which breaks glsa-check -t all

(In reply to Valeriy Malov from comment #13)
> There's a typo in glsa-201706-07.xml / on glsa page, rpcbind
> affected/unaffected version is set to "0.2.4-r", which breaks glsa-check -t
> all

Thanks! GLSA fixed.

ia64 stable.

Maintainer(s), please cleanup.

@base-system, can we please clean?

please drop <net-nds/rpcbind-0.2.4-r1!