Summary: | <net-libs/libtirpc-1.3.2-r1: infinite loop without accepting new connections causing DoS (CVE-2021-46828) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 872740 | ||
Bug Blocks: |
Description
filip ambroz
2022-07-21 08:42:27 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15f37371c962d5d28081841062dcf925c6a0914c commit 15f37371c962d5d28081841062dcf925c6a0914c Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2022-07-24 00:36:45 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2022-07-24 00:38:21 +0000 net-libs/libtirpc: backport security fixes Bug: https://bugs.gentoo.org/859634 Signed-off-by: Mike Gilbert <floppym@gentoo.org> net-libs/libtirpc/files/libtirpc-1.3.2-dos.patch | 178 +++++++++++++++++++++ .../files/libtirpc-1.3.2-memory-leak.patch | 52 ++++++ .../files/libtirpc-1.3.2-use-after-free.patch | 31 ++++ net-libs/libtirpc/libtirpc-1.3.2-r1.ebuild | 65 ++++++++ 4 files changed, 326 insertions(+) Thanks! Please stable when ready GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22ebc6760d7a291af7777ec88b0308d009834988 commit 22ebc6760d7a291af7777ec88b0308d009834988 Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2022-10-22 03:00:09 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2022-10-22 03:00:09 +0000 net-libs/libtirpc: drop 1.3.2, 1.3.2-r1 Bug: https://bugs.gentoo.org/859634 Signed-off-by: Mike Gilbert <floppym@gentoo.org> net-libs/libtirpc/Manifest | 1 - net-libs/libtirpc/files/libtirpc-1.3.2-dos.patch | 178 --------------------- .../files/libtirpc-1.3.2-memory-leak.patch | 52 ------ .../files/libtirpc-1.3.2-use-after-free.patch | 31 ---- net-libs/libtirpc/libtirpc-1.3.2-r1.ebuild | 65 -------- net-libs/libtirpc/libtirpc-1.3.2.ebuild | 60 ------- 6 files changed, 387 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a0617dfad9db92277e77c4ae6d40c06fd18b1314 commit a0617dfad9db92277e77c4ae6d40c06fd18b1314 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:30:06 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:17 +0000 [ GLSA 202210-33 ] Libtirpc: Denial of Service Bug: https://bugs.gentoo.org/859634 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-33.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) GLSA released, all done! |