Diffstat (limited to 'share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc')
-rw-r--r-- share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc | 59
1 files changed, 34 insertions, 25 deletions
diff --git a/share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc b/share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc
index f718d3f4d8..a44e7390c7 100644
--- a/share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc
+++ b/share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc
@@ -5,23 +5,28 @@ Hash: SHA512
FreeBSD-SA-15:24.rpcbind Security Advisory
The FreeBSD Project
-Topic: rpcbind(8) remote denial of service
+Topic: rpcbind(8) remote denial of service [REVISED]
Category: core
Module: rpcbind
-Announced: 2015-09-29
+Announced: 2015-09-29, revised on 2015-10-02
Affects: All supported versions of FreeBSD.
-Corrected: 2015-09-29 18:06:27 UTC (stable/10, 10.2-STABLE)
- 2015-09-29 18:07:18 UTC (releng/10.2, 10.2-RELEASE-p4)
- 2015-09-29 18:07:18 UTC (releng/10.1, 10.1-RELEASE-p21)
- 2015-09-29 18:06:27 UTC (stable/9, 9.3-STABLE)
- 2015-09-29 18:07:18 UTC (releng/9.3, 9.3-RELEASE-p27)
+Corrected: 2015-10-02 16:36:16 UTC (stable/10, 10.2-STABLE)
+ 2015-10-02 16:37:06 UTC (releng/10.2, 10.2-RELEASE-p5)
+ 2015-10-02 16:37:06 UTC (releng/10.1, 10.1-RELEASE-p22)
+ 2015-10-02 16:36:16 UTC (stable/9, 9.3-STABLE)
+ 2015-10-02 16:37:06 UTC (releng/9.3, 9.3-RELEASE-p28)
CVE Name: CVE-2015-7236
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
+0. Revision history
+
+v1.0 2015-09-29 Initial release.
+v1.1 2015-10-02 Revised patch to address a regression related to NIS usage
+
I. Background
Sun RPC is a remote procedure call framework which allows clients to invoke
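Review bot: The "Corrected:" block now shows only the 2015-10-02 timestamps and the new patch levels (p5, p22, p28), so a reader who updated on 2015-09-29 cannot tell from the header that p4, p21 and p27 carry the first fix with the NIS regression. The v1.1 line in "0. Revision history" is the natural place to say this: name the superseded patch levels there and state that systems already at those levels need to update again. Minor style point in the same line: v1.0 ends with a period ("Initial release.") and v1.1 does not.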
@@ -94,6 +99,10 @@ detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-15:24/rpcbind.patch.asc
# gpg --verify rpcbind.patch.asc
+# fetch https://security.FreeBSD.org/patches/SA-15:24/rpcbind-00.patch
+# fetch https://security.FreeBSD.org/patches/SA-15:24/rpcbind-00.patch.asc
+# gpg --verify rpcbind-00.patch.asc
+
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
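Review bot: The three added lines for rpcbind-00.patch sit directly under the existing rpcbind.patch.asc verify step with no label saying when each patch applies. Add a short bracketed heading above each group stating which one is for systems that never applied the 2015-09-29 patch and which one is for systems that already did, otherwise step b) "Apply the patch" is ambiguous about which file to feed to patch(1). The fetch is over HTTPS, but the `gpg --verify rpcbind-00.patch.asc` line is what authenticates the file, so keeping it paired with the new fetch as done here is right.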
@@ -111,11 +120,11 @@ affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
-stable/9/ r288384
-releng/9.3/ r288385
-stable/10/ r288384
-releng/10.1/ r288385
-releng/10.2/ r288385
+stable/9/ r288511
+releng/9.3/ r288512
+stable/10/ r288511
+releng/10.1/ r288512
+releng/10.2/ r288512
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
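Review bot: In the revision table, r288384 and r288385 are replaced outright by r288511 and r288512. If the new revisions only correct the regression on top of the earlier commits, anyone auditing a source tree by revision number needs both sets listed; if they fully supersede the earlier commits, a one-line note under the table saying so would remove the doubt. As written, a tree sitting between r288385 and r288511 cannot be classified from this table alone.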
@@ -139,17 +148,17 @@ The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.8 (FreeBSD)
-iQIcBAEBCgAGBQJWCtQJAAoJEO1n7NZdz2rnqrcQAMpVQGhgOE2Qz7seLSeKyorU
-lYjMQteAxsYFF7t6BCQxMcfnKVYS9fTUwega6bvBMVQqG7bWg3IKr/esH/pExC22
-XbVemdOKot63Qvu+qdQ33DMr0mb4B9NqWQDV4cFu2sj1yHtZjwufFsvTDC8B89Za
-OfJsKrdxFbR57uOPnm1jhbb/m46O2q6HnD0GsPCXAA9SWAAk6hrjtVsRURjs654e
-iuHa6umSADKeVj0FYiFOyrBM0FgyxmSpBikJD3aaLJa1qCFTPDrGG29283krtSlp
-JgbWm0+dj9O6pl9NapuE2dKtXmp/bdjLzWKnj2qDWMpsX31uqLFSzcP6/AxxiIiI
-S9Uvb9ucQJRqidJ5jgQkicLd7IIM20HWXOltA4uMovoqF8xOVkCyLZ5Nyg4Yiueg
-vsjQ5lQipsOJQBtDO11HjLhZTm4a8c3pHASt0HadvxstNYjB0Kqtm2YySQGdk9H/
-/mvjsWE227fJkqwayBlmUviOX39Cz/9AzpkPtaQYsYKNUEOy0hr04i/yIF40RH/Z
-wIChfTR10KkRvr4dAWT7Kg2bm2Xd0Gs6bEI5YX3PE3aROVwnwmVWCd/rpdkrnVsV
-Pi5MWtPHNATPwRa2UmKbYtwB9mF3GXuBOSssW3K+DfPS+0/ZfYa5CedyeHA3aDGW
-f5ih6/YFCvSB/NURgvcU
-=WO98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+=J1ex
-----END PGP SIGNATURE-----