Scientific Linux Security Update : rpcbind on SL6.x, SL7.x i386/x86_64
Medium Nessus Plugin ID 87813
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote attacker could possibly exploit this flaw to crash the rpcbind service by performing a series of UDP and TCP calls. (CVE-2015-7236)
If the rpcbind service is running, it will be automatically restarted after installing this update.
SolutionUpdate the affected rpcbind and / or rpcbind-debuginfo packages.