Sicherheit: Denial of Service in rpcbind (Aktualisierung)

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0706964045886086020==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="afg2yWyGXny6xRW3WSzsRLapqvaCmmRuC"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--afg2yWyGXny6xRW3WSzsRLapqvaCmmRuC
Content-Type: multipart/mixed;
boundary="HEgtOmPpXK7khInr6IfjIzahNLDMB8aXa";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <0caac779-f5d7-23a7-fd6b-61604286732e@canonical.com>
Subject: [USN-4986-3] rpcbind regression

--HEgtOmPpXK7khInr6IfjIzahNLDMB8aXa
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4986-3
June 10, 2021

rpcbind regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

USN-4986-1 caused a regression in rpcbind.

Software Description:
- rpcbind: converts RPC program numbers into universal addresses

Details:

USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression
resulting in rpcbind crashing in certain environments. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that rpcbind incorrectly handled certain large data
sizes. A remote attacker could use this issue to cause rpcbind to consume
resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
rpcbind 0.2.3-0.6ubuntu0.18.04.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4986-3
https://ubuntu.com/security/notices/USN-4986-1
https://launchpad.net/bugs/1931507

Package Information:
https://launchpad.net/ubuntu/+source/rpcbind/0.2.3-0.6ubuntu0.18.04.3

--HEgtOmPpXK7khInr6IfjIzahNLDMB8aXa--

--afg2yWyGXny6xRW3WSzsRLapqvaCmmRuC
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmDCePYACgkQZWnYVadE
vpNtCw/9GU6muRUWBnMEDQdIWPCixcTNOXetxki8iootFmoYT/UphmSrNhzwXf/1
X90Mo0KB5rqaLn2rxFxB2gWl0u6aJe5/4peYfDmAkKWvSjh1H2lHBZQUIfBm9Gfz
FGL8hes4NKQ6+lMXA7vkxaQDTpLPbAK3O8K4s5LdP9sEIU0eAFEnks6QbugbY8p5
bBOcb0aSWLY2wFzrg6czdBNYRABT2iIizlbXKnNUS0wottWHruzPa/WmYmu5la1P
EGto6ip9Kyy4W+r2rWkzipVveC+Bqzh/dAOdYAzEGt87tJsNXwP99G+L1W0zu7jk
mQvJTYzP/HZjgutqro+HOCqsHHrtax8NfU8rbJt+zbre0BM/8CH4ckcdVtUds01D
mHGy8R3zMRl8/oAAr9dHnMREZOFjrDKzSbth0Rz6/kZwa2DmTjPciTQfGd0Xew4R
XK2faH9DNKf3KvxFPb2BC8IY1lpZgId/l85lMeUMIWB1sPFls/n1XNM/lQXDHTjE
Z1Imt9aFZC1+DrNolhQH9bhKALN1Anbtyb+y//fjRS9FaLRAr7n0E9Mr20lTcctJ
V10iKbhxGGZdMDVdIBt8CqCSFBEhf+zbutF9mPfEcM3N78BToKhT3Kn+4XQR9e17
Qp2ZFydAzjhzOKbRwtX8HIN0fVMnuEFjj0BaMD8xA5wCz5BMdsY=
=9O0b
-----END PGP SIGNATURE-----

--afg2yWyGXny6xRW3WSzsRLapqvaCmmRuC--

--===============0706964045886086020==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============0706964045886086020==--