==========================================================================
Ubuntu Security Notice USN-2756-1
September 30, 2015
rpcbind vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
rpcbind could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
– rpcbind: converts RPC program numbers into universal addresses
Details:
It was discovered that rpcbind incorrectly handled certain memory
structures. A remote attacker could use this issue to cause rpcbind to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
rpcbind 0.2.1-6ubuntu3.1
Ubuntu 14.04 LTS:
rpcbind 0.2.1-2ubuntu2.2
Ubuntu 12.04 LTS:
rpcbind 0.2.0-7ubuntu1.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2756-1
CVE-2015-7236
Package Information:
https://launchpad.net/ubuntu/+source/rpcbind/0.2.1-6ubuntu3.1
https://launchpad.net/ubuntu/+source/rpcbind/0.2.1-2ubuntu2.2
https://launchpad.net/ubuntu/+source/rpcbind/0.2.0-7ubuntu1.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJWDBrQAAoJEGVp2FWnRL6T0ecP+wQkNkejYXka35f+mKZF8BNG
IFdHGPfAAml2zbGn1V73+gGWzm/Zs0iJydnAQ5dqS+Bs8KzZNcQz6tl7FmozHPAt
k2nq71VGK9FmLdCzL0Jp4xgZAf+o2wBMECTg7lvzMJeVhdQ5P4yTFHP6UF32Om96
eOLYTFWMkIKEWD1Zza8SwBHs2ZDWLL2xNec0SNiPxsIdPRAjuXaGPpih5DOxxaZk
hhjW4A+lPURRrYDfIzXBJqNZ2vcUH7REcDgKrOfJ7dj3UjLfzLZjbkwb/7c2012N
VxJDm9oG+4lxxqVAVHUWQa4tvs97qE8uar4HWmlpj1BXEa1gmXhEbXIv1hFg8B5h
GcTOE7PLUuI+CxRykGen7ybz2U4AbqAXHIrieOSbZq//Mn7L+T51dJwhBzl9pSx8
TjuYZkoBrDB7niPXNDcF7GS4FxoboXdCLYCSmfMzXwxeVahXDYgtwUghp0YCzejX
0/nY1Sncn+VE1wtQpFs/KyAbryvrxzCbMMJxlk2bzaIoP8WUyyAHdnYkU1dB5HsK
9K9EFTlnRsIgtbpK4tsAb/QbcnzQpJ8N9loIlkz5XthSYGELOZz5YybZvG++rV/Z
fnmqqWWnvu3WkHQF0Zcz4oSh6nMfdnQ3nCh4DFhruFHVxsE+8ENVawsaHDgU6bgH
jcLVv8sm64F8elh7T38X
=2cut
—–END PGP SIGNATURE—–
—