|
|
Subscribe / Log in / New account

Scientific Linux alert SLSA-2016:0005-1 (rpcbind)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      <scientific-linux-errata@listserv.fnal.gov> 


Subject:
    	      Security ERRATA Moderate: rpcbind on SL6.x, SL7.x i386/x86_64 


Date:
    	      Thu, 7 Jan 2016 21:25:32 +0000


Message-ID:
    	      <20160107212532.26278.56158@slpackages.fnal.gov>


Synopsis:          Moderate: rpcbind security update
Advisory ID:       SLSA-2016:0005-1
Issue Date:        2016-01-07
CVE Numbers:       CVE-2015-7236
--

A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP
connections was discovered in rpcbind. A remote attacker could possibly
exploit this flaw to crash the rpcbind service by performing a series of
UDP and TCP calls. (CVE-2015-7236)

If the rpcbind service is running, it will be automatically restarted
after installing this update.
--

SL6
  x86_64
    rpcbind-0.2.0-11.el6_7.x86_64.rpm
    rpcbind-debuginfo-0.2.0-11.el6_7.x86_64.rpm
  i386
    rpcbind-0.2.0-11.el6_7.i686.rpm
    rpcbind-debuginfo-0.2.0-11.el6_7.i686.rpm
SL7
  x86_64
    rpcbind-0.2.0-33.el7_2.x86_64.rpm
    rpcbind-debuginfo-0.2.0-33.el7_2.x86_64.rpm

- Scientific Linux Development Team
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds