libtirpc -- security update

2017-05-08T00:00:00
ID DSA-3845
Type debian
Reporter Debian
Modified 2017-05-08T00:00:00

Description

Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings).

For the stable distribution (jessie), this problem has been fixed in version 0.2.5-1+deb8u1 of libtirpc and version 0.2.1-6+deb8u2 of rpcbind.

For the upcoming stable distribution (stretch), this problem has been fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

For the unstable distribution (sid), this problem has been fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

We recommend that you upgrade your libtirpc packages.