UbuntuUpdates.org

Package "rpcbind"

Name: rpcbind

Description:

converts RPC program numbers into universal addresses

Latest version: 0.2.3-0.6ubuntu0.18.04.4
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://sourceforge.net/projects/rpcbind/


Other versions of "rpcbind" in Bionic

Repository  Area  Version
base        main  0.2.3-0.6
security    main  0.2.3-0.6ubuntu0.18.04.4

Changelog

Version: 0.2.3-0.6ubuntu0.18.04.4 2021-06-11 02:06:18 UTC

  rpcbind (0.2.3-0.6ubuntu0.18.04.4) bionic-security; urgency=medium

  * SECURITY REGRESSION: invalid pointer when freeing memory (LP: #1931507)
    - debian/patches/CVE-2017-8779-4.patch: stop freeing a static pointer
      in src/rpcb_svc_com.c.
    - debian/patches/CVE-2017-8779-5.patch: no need to allocate output
      buffer in src/rpcb_svc_com.c.

 -- Marc Deslauriers <email address hidden> Thu, 10 Jun 2021 17:40:45 -0400

1931507 rpcbind failing on 0.2.3-0.6ubuntu0.18.04.2
CVE-2017-8779 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size duri

Version: 0.2.3-0.6ubuntu0.18.04.3 2021-06-10 21:06:22 UTC

  rpcbind (0.2.3-0.6ubuntu0.18.04.3) bionic-security; urgency=medium

  * SECURITY REGRESSION: assertion failure (LP: #1931507)
    - debian/patches/CVE-2017-8779-3.patch: fixed typo in memory leak patch
      in src/pmap_svc.c.

 -- Marc Deslauriers <email address hidden> Thu, 10 Jun 2021 14:40:54 -0400

1931507 rpcbind failing on 0.2.3-0.6ubuntu0.18.04.2
CVE-2017-8779 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size duri

Version: 0.2.3-0.6ubuntu0.18.04.2 2021-06-09 13:06:25 UTC

  rpcbind (0.2.3-0.6ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via memory consumption (LP: #1925280)
    - debian/patches/CVE-2017-8779.patch: pair all svc_getargs() calls with
      svc_freeargs() to avoid memory leak in src/pmap_svc.c,
      src/rpcb_svc.c, src/rpcb_svc_4.c, src/rpcb_svc_com.c.
    - debian/patches/CVE-2017-8779-2.patch: fix building without
      --enable-debug in src/pmap_svc.c.
    - The patch included in 0.2.3-0.6 did not correctly fix this issue.
    - CVE-2017-8779

 -- Marc Deslauriers <email address hidden> Tue, 08 Jun 2021 09:03:58 -0400

1925280 rpcbind still vulnerable with CVE-2017-8779
CVE-2017-8779 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size duri

Version: 0.2.3-0.6ubuntu0.18.04.1 2020-08-20 11:06:17 UTC

  rpcbind (0.2.3-0.6ubuntu0.18.04.1) bionic; urgency=medium

  * d/rules: force dh_autoreconf to fix FTBFS (LP: #1885389)
  * d/p/lp304393/0001-rpcbind-Disable-remote-calls-by-default.patch,
    d/p/lp304393/0002-rmt-calls.patch,
    d/p/lp304393/0003-change-rmtcalls-default-to-enabled.patch:
    - Allow disabling rmtcalls port binding (LP: #304393)

 -- Dan Streetman <email address hidden> Tue, 04 Aug 2020 17:17:50 -0400

1885389 FTBFS in x/b
304393 rpcbind grabs ports used by other daemons such as cupsd
