| Errata ID | 396 |
|---|---|
| Date | 2018-05-08 |
| Source package | rpcbind |
| Fixed in version | 0.2.1-6+deb8u2A~4.2.3.201801251012 |
| Description | This update addresses the following issue: * rpcbind does not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. (CVE-2017-8779) |
| Additional notes | |
| CVE ID | CVE-2017-8779 |
| UCS Bug number | #44674 #46158 |
