You are here
Home > Preporuke > Sigurnosni propust programskog paketa rpcbind

Sigurnosni propust programskog paketa rpcbind

  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2756-1
September 30, 2015

rpcbind vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

rpcbind could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
– rpcbind: converts RPC program numbers into universal addresses

Details:

It was discovered that rpcbind incorrectly handled certain memory
structures. A remote attacker could use this issue to cause rpcbind to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
rpcbind 0.2.1-6ubuntu3.1

Ubuntu 14.04 LTS:
rpcbind 0.2.1-2ubuntu2.2

Ubuntu 12.04 LTS:
rpcbind 0.2.0-7ubuntu1.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2756-1
CVE-2015-7236

Package Information:
https://launchpad.net/ubuntu/+source/rpcbind/0.2.1-6ubuntu3.1
https://launchpad.net/ubuntu/+source/rpcbind/0.2.1-2ubuntu2.2
https://launchpad.net/ubuntu/+source/rpcbind/0.2.0-7ubuntu1.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJWDBrQAAoJEGVp2FWnRL6T0ecP+wQkNkejYXka35f+mKZF8BNG
IFdHGPfAAml2zbGn1V73+gGWzm/Zs0iJydnAQ5dqS+Bs8KzZNcQz6tl7FmozHPAt
k2nq71VGK9FmLdCzL0Jp4xgZAf+o2wBMECTg7lvzMJeVhdQ5P4yTFHP6UF32Om96
eOLYTFWMkIKEWD1Zza8SwBHs2ZDWLL2xNec0SNiPxsIdPRAjuXaGPpih5DOxxaZk
hhjW4A+lPURRrYDfIzXBJqNZ2vcUH7REcDgKrOfJ7dj3UjLfzLZjbkwb/7c2012N
VxJDm9oG+4lxxqVAVHUWQa4tvs97qE8uar4HWmlpj1BXEa1gmXhEbXIv1hFg8B5h
GcTOE7PLUuI+CxRykGen7ybz2U4AbqAXHIrieOSbZq//Mn7L+T51dJwhBzl9pSx8
TjuYZkoBrDB7niPXNDcF7GS4FxoboXdCLYCSmfMzXwxeVahXDYgtwUghp0YCzejX
0/nY1Sncn+VE1wtQpFs/KyAbryvrxzCbMMJxlk2bzaIoP8WUyyAHdnYkU1dB5HsK
9K9EFTlnRsIgtbpK4tsAb/QbcnzQpJ8N9loIlkz5XthSYGELOZz5YybZvG++rV/Z
fnmqqWWnvu3WkHQF0Zcz4oSh6nMfdnQ3nCh4DFhruFHVxsE+8ENVawsaHDgU6bgH
jcLVv8sm64F8elh7T38X
=2cut
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2015-10-0003-ADV
CveCVE-2015-7236
ID izvornikaUSN-2756-1
Proizvodrpcbind
Izvorhttp://www.ubuntu.com
Top
More in Preporuke
Sigurnosni propust paketa cyrus-sasl2

Otkriveno je sigurnosni propust u programskom paketu cyrus-sasl2 za Ubuntu 15.04 uzrokovan neispravnim upravljanjem određenim unesenim neispravnim lozinkama, što je...

Close