diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc | 59 |
1 files changed, 34 insertions, 25 deletions
diff --git a/share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc b/share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc index f718d3f4d8..a44e7390c7 100644 --- a/share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc +++ b/share/security/advisories/FreeBSD-SA-15:24.rpcbind.asc @@ -5,23 +5,28 @@ Hash: SHA512 FreeBSD-SA-15:24.rpcbind Security Advisory The FreeBSD Project -Topic: rpcbind(8) remote denial of service +Topic: rpcbind(8) remote denial of service [REVISED] Category: core Module: rpcbind -Announced: 2015-09-29 +Announced: 2015-09-29, revised on 2015-10-02 Affects: All supported versions of FreeBSD. -Corrected: 2015-09-29 18:06:27 UTC (stable/10, 10.2-STABLE) - 2015-09-29 18:07:18 UTC (releng/10.2, 10.2-RELEASE-p4) - 2015-09-29 18:07:18 UTC (releng/10.1, 10.1-RELEASE-p21) - 2015-09-29 18:06:27 UTC (stable/9, 9.3-STABLE) - 2015-09-29 18:07:18 UTC (releng/9.3, 9.3-RELEASE-p27) +Corrected: 2015-10-02 16:36:16 UTC (stable/10, 10.2-STABLE) + 2015-10-02 16:37:06 UTC (releng/10.2, 10.2-RELEASE-p5) + 2015-10-02 16:37:06 UTC (releng/10.1, 10.1-RELEASE-p22) + 2015-10-02 16:36:16 UTC (stable/9, 9.3-STABLE) + 2015-10-02 16:37:06 UTC (releng/9.3, 9.3-RELEASE-p28) CVE Name: CVE-2015-7236 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. +0. Revision history + +v1.0 2015-09-29 Initial release. +v1.1 2015-10-02 Revised patch to address a regression related to NIS usage + I. Background Sun RPC is a remote procedure call framework which allows clients to invoke @@ -94,6 +99,10 @@ detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-15:24/rpcbind.patch.asc # gpg --verify rpcbind.patch.asc +# fetch https://security.FreeBSD.org/patches/SA-15:24/rpcbind-00.patch +# fetch https://security.FreeBSD.org/patches/SA-15:24/rpcbind-00.patch.asc +# gpg --verify rpcbind-00.patch.asc + b) Apply the patch. Execute the following commands as root: # cd /usr/src @@ -111,11 +120,11 @@ affected branch. Branch/path Revision - ------------------------------------------------------------------------- -stable/9/ r288384 -releng/9.3/ r288385 -stable/10/ r288384 -releng/10.1/ r288385 -releng/10.2/ r288385 +stable/9/ r288511 +releng/9.3/ r288512 +stable/10/ r288511 +releng/10.1/ r288512 +releng/10.2/ r288512 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the @@ -139,17 +148,17 @@ The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.8 (FreeBSD) -iQIcBAEBCgAGBQJWCtQJAAoJEO1n7NZdz2rnqrcQAMpVQGhgOE2Qz7seLSeKyorU -lYjMQteAxsYFF7t6BCQxMcfnKVYS9fTUwega6bvBMVQqG7bWg3IKr/esH/pExC22 -XbVemdOKot63Qvu+qdQ33DMr0mb4B9NqWQDV4cFu2sj1yHtZjwufFsvTDC8B89Za -OfJsKrdxFbR57uOPnm1jhbb/m46O2q6HnD0GsPCXAA9SWAAk6hrjtVsRURjs654e -iuHa6umSADKeVj0FYiFOyrBM0FgyxmSpBikJD3aaLJa1qCFTPDrGG29283krtSlp -JgbWm0+dj9O6pl9NapuE2dKtXmp/bdjLzWKnj2qDWMpsX31uqLFSzcP6/AxxiIiI -S9Uvb9ucQJRqidJ5jgQkicLd7IIM20HWXOltA4uMovoqF8xOVkCyLZ5Nyg4Yiueg -vsjQ5lQipsOJQBtDO11HjLhZTm4a8c3pHASt0HadvxstNYjB0Kqtm2YySQGdk9H/ -/mvjsWE227fJkqwayBlmUviOX39Cz/9AzpkPtaQYsYKNUEOy0hr04i/yIF40RH/Z -wIChfTR10KkRvr4dAWT7Kg2bm2Xd0Gs6bEI5YX3PE3aROVwnwmVWCd/rpdkrnVsV -Pi5MWtPHNATPwRa2UmKbYtwB9mF3GXuBOSssW3K+DfPS+0/ZfYa5CedyeHA3aDGW -f5ih6/YFCvSB/NURgvcU -=WO98 +iQIcBAEBCgAGBQJWDrUCAAoJEO1n7NZdz2rnYU0QAL5iWj6a9z50ZGTDJLuE0+Zw +gDyW9gggo0eBPPuYCOpLr4IIt+0B0AvCVHJKCCc5r7DMptuBDAUtWHeyhvRH4XmU +rGnweLqI3AzfCSq+CnFV/meJEs+6EaaEGXEarMl+/3YysEMkNEOqO5dEryNaDjK+ ++jF+d2Xv13RZ+i2aDWwteQW+8LLdzhYHXWWM9NV70TubPITyq7iL5TXLTKlfRJKP +eOyphNeV/x+hpAL8zq5Kyu0AS8FoMWjR1rD/OtumraCI0zJsAxonZTY95WqM7Jl9 +mQwrsxvxUTUmLm+CieNEAAmFMiMBBRv6JeucvVn7I59dIFDSTo2REsVzc+y4zTta +5PJyy6txlwFSrsNiJrn8aklF3voYQMYuE08jRiHAOqNqGwMuPjDjysMfiK/a1WZM +7XKgSjQwGjX3ZEk9XIWqE3DjKjpyW24rceNL/AM1gRv4Hw9UDMQLlzoAh6RM8F/3 +GwiU6I5DuXIV942JX25ciHLfCkhoCyE9aEMR90ICQUgxV5xix0PpU5pukPgM9rZN +CeKKbX3v7GfmIy3oWNc3yby6guqZbWbeDimiyz6WboWVvmiZOTPTjtMLuXLbcaSQ +KbidUmkNU8SDzHMGXJypZ4DX9wlLFK2Wv3anaQsE/hxwgNPKpSMEZujysJ0tyTc9 +F4iUcG0fCsWryp8DydvE +=J1ex -----END PGP SIGNATURE----- |