-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : rpcbind Version : 0.2.0-4.1+deb6u1 CVE ID : CVE-2015-7236
A use-after-free vulnerability in rpcbind causing remotely triggerable crash was found. Rpcbind crashes in svc_dodestroy when trying to free a corrupted xprt->xp_netid pointer, which contains a sockaddr_in.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJV/rx3XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHCBgP/3pUB25tiqd9Svlb2enpyosp +NyH1NHIuGxY2GwtgapzmYTX8Gs81p+eEjiX2/VM8wrmZuX94nPySdUlfGuXUE8m yXnFTx1S/DTw76q4wDBPdUHKAYRrHj9VANYdiKV4FUBAHTDSJh+xFhaW3pqkIGC9 iaLdOsblV7aLuGcLTrM/mLa23ZCIYPUPImFrC6UDKI1skez9OUjnTz1EYdA6CPlE CCApXxreC+Dltz/sxhHUVCb1zJq55FI77ZuHDqDD5GUc4ijwb9c1Jy6h20PIIMHh Lm+v5pqlSKzHeMcbPghyMPYTqrWEY7BJV42d/oqLmlx/UfKIs3ktN7ThTSGWidIC dU6GkzpTWJpNJJm3EhIQsPB9gZuW7ByxuVPuD9qf5abjIuRNaZCCCcsygFpIG4ME xihYe3QiHOO924dHgRuZR7AE7be0FdwfrtnYBCEIKY3fDF6ZgxEqVSY7LpPXCAvn eMPJlepHSay4z3Aj9ROQPc5K5iUmTandk8oYMvJ7orDNSnLQOzz6zYgatIE3GjmL qDceSSeZyNGlAeol9hKOsZl0ecdO4QXpXIVrALh+3rrG6+1TKUOjastOuAQQK0+R 2IwAS3Xyseygu3xKsTHWI67KMG0Wx0TYJzXa897vkSzFDRxaJ6QYyW3ftOK1rOD3 W6QdWA/OOcZDjd/pZl76 =vNK7 -----END PGP SIGNATURE-----
