FS#75447 : [libtirpc] [security] CVE-2021-46828

FS#75447 - [libtirpc] [security] CVE-2021-46828

Attached to Project: Arch Linux
Opened by T.J. Townsend (blakkheim) - Thursday, 28 July 2022, 17:14 GMT
Last edited by Andreas Radke (AndyRTR) - Monday, 08 August 2022, 19:29 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Andreas Radke (AndyRTR)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
The libtirpc package is vulnerable to CVE-2021-46828, a DoS bug fixed upstream. The attached diff pulls in the commit to fix it and also switches from sha1sums to sha256sums.

Additional info:
https://git.linux-nfs.org/?p=steved/libtirpc.git;a=patch;h=86529758570cef4c73fb9b9c4104fdc510f701ed;hp=7089bb02714e23b9c737c22d64f1ee3b256e45f4

libtirpc.diff (1.2 KiB)

CVE-2021-46828.patch (20.8 KiB)

This task depends upon

Closed by Andreas Radke (AndyRTR)
Monday, 08 August 2022, 19:29 GMT
Reason for closing: Fixed
Additional comments about closing: 1.3.3-1

Comment by T.J. Townsend (blakkheim) - Saturday, 30 July 2022, 17:47 GMT

Upstream released libtirpc 1.3.3-rc4 two days ago, which includes the fixes, but I think it would be worth backporting now anyway. I say this because there has been a span of 11 months between rc1 and rc4... so the final 1.3.3 release might not be as close as it seems.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#75447 - [libtirpc] [security] CVE-2021-46828

Details

Loading...