FS#53927 - [rpcbind] Backport fix for CVE-2017-8779, remote unauthenticated DoS
Attached to Project: Arch Linux
Opened by Remi Gacogne (rgacogne) - Thursday, 04 May 2017, 17:04 GMT
Last edited by Andreas Radke (AndyRTR) - Friday, 05 May 2017, 18:39 GMT
Details
Hello,
A security issue, CVE-2017-8779, has been found [1] in rpcbind <= 0.2.4. While no fix has been committed upstream yet, the original reporter published a patch [2], and it would be nice if we could consider backporting it.

Thanks,
Remi

[1]: https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
[2]: https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt