Ubuntu Security Notice 4986-4 - USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Various other issues were also addressed.
==========================================================================
Ubuntu Security Notice USN-4986-4
June 10, 2021
rpcbind regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

USN-4986-1 caused a regression in rpcbind.

Software Description:

- rpcbind: converts RPC program numbers into universal addresses

Details:

USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression
resulting in rpcbind crashing in certain environments. This update fixes
the problem for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that rpcbind incorrectly handled certain large data
sizes. A remote attacker could use this issue to cause rpcbind to consume
resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  rpcbind 0.2.3-0.2ubuntu0.16.04.1+esm2

Ubuntu 14.04 ESM:
  rpcbind 0.2.1-2ubuntu2.2+esm2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-4986-4
  https://ubuntu.com/security/notices/USN-4986-1
  https://launchpad.net/bugs/1931507