Ubuntu has issued an advisory on July 28: https://ubuntu.com/security/notices/USN-5538-1 The issue is fixed upstream in 1.3.3rc1. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 1.3.3rc1
Whiteboard: (none) => MGA8TOO
Assigning this globally in the absence of a visible maintainer. (This bug is noted against v1.3.1, although Cauldron already has v1.3.2. Irrelevant, seeing that the cure is in v1.3.3rc1.)
Assignee: bugsquad => pkg-bugs
Debian has issued an advisory for this on August 7: https://www.debian.org/security/2022/dsa-5200
Updated package built for cauldron and Mageia 8

Advisory:
========================

Patched libtirpc package fixes security vulnerability:

It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service (CVE-2021-46828).

References:
https://ubuntu.com/security/notices/USN-5538-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46828
========================

Updated packages in core/updates_testing:
========================
lib64tirpc3-1.3.3-1.mga8
lib64tirpc-devel-1.3.3-1.mga8
libtirpc-1.3.3-1.mga8

from libtirpc-1.3.3-1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)
CVE: (none) => CVE-2021-46828
Version: Cauldron => 8
Status comment: Fixed upstream in 1.3.3rc1 => (none)
Assignee: pkg-bugs => qa-bugs
CC: (none) => mhrambo3501
MGA8-64 Plasma on Acer Aspire 5253
No installation issues.
Ref bug 20788 for testing

# systemctl start rpcbind
# strace -o /home/tester8/Documents/libtirpc.txt rpcinfo
   program version netid     address                service    owner
    100000    4    tcp6      ::.0.111               portmapper superuser
    100000    3    tcp6      ::.0.111               portmapper superuser
    100000    4    udp6      ::.0.111               portmapper superuser
    100000    3    udp6      ::.0.111               portmapper superuser
    100000    4    tcp       0.0.0.0.0.111          portmapper superuser
    100000    3    tcp       0.0.0.0.0.111          portmapper superuser
    100000    2    tcp       0.0.0.0.0.111          portmapper superuser
    100000    4    udp       0.0.0.0.0.111          portmapper superuser
    100000    3    udp       0.0.0.0.0.111          portmapper superuser
    100000    2    udp       0.0.0.0.0.111          portmapper superuser
    100000    4    local     /run/rpcbind.sock      portmapper superuser
    100000    3    local     /run/rpcbind.sock      portmapper superuser

Found ref. to libtirpc in trace file, so OK for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0288.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED