Source: libtirpc X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for libtirpc. CVE-2021-46828[0]: | In libtirpc before 1.3.3rc1, remote attackers could exhaust the file | descriptors of a process that uses libtirpc because idle TCP | connections are mishandled. This can, in turn, lead to an svc_run | infinite loop without accepting new connections. Patch: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-46828 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46828 Please adjust the affected versions in the BTS as needed.