Debian DSA-3845-1 : libtirpc - security update
High Nessus Plugin ID 100029
SynopsisThe remote Debian host is missing a security-related update.
DescriptionGuido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion (depending on memory management settings).
SolutionUpgrade the libtirpc packages.
For the stable distribution (jessie), this problem has been fixed in version 0.2.5-1+deb8u1 of libtirpc and version 0.2.1-6+deb8u2 of rpcbind.
For the upcoming stable distribution (stretch), this problem has been fixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.