{"id":"MGASA-2017-0183","summary":"Updated rpcbind/libtirpc packages fix security vulnerability","details":"It was discovered that rpcbind and libtirpc contain a vulnerability that\nallows an attacker to allocate any amount of bytes (up to 4 gigabytes per\nattack) on a remote rpcbind host, and the memory is never freed unless the\nprocess crashes or the administrator halts or restarts the rpcbind\nservice.  This can slow down the system’s operations significantly or\nprevent other services from spawning processes entirely (CVE-2017-8779).\n","modified":"2026-04-16T01:47:55.240713233Z","published":"2017-06-26T21:37:03Z","upstream":["CVE-2017-8779"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0183.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20788"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2017/05/04/3"}],"affected":[{"package":{"name":"rpcbind","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/rpcbind?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.2-1.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0183.json"}},{"package":{"name":"libtirpc","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libtirpc?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.5-3.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0183.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}