Security update for rpcbind
| Announcement ID: | SUSE-SU-2026:22069-1 |
|---|---|
| Release Date: | 2026-06-04T13:00:55Z |
| Rating: | moderate |
| References: | |
| Affected Products: |
|
An update that has two fixes can now be installed.
Description:
This update for rpcbind fixes the following issues
Update to rpcbind 1.2.9:
Security issue:
- Fix several memory leaks and buffer overflows (bsc#1267212).
Non security issue:
- rpcbind fails to start (tumbleweed snapshot 20181120) (bsc#1117217).
Changes:
- rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist()
- rpcbind: Stop unauthenticated oversized allocation in PMAPPROC_CALLIT decode
- rpcbind: fix memory leak in read_warmstart()
- rpcbind: fix memory leaks in network_init()
- rpcbind: fix memory leak in init_transport()
- Added -v (print version and compile flags)
- rpcinfo: Removed a number of "old-style function definition" warnings
- man/rpcbind: Update list of options
- Comment out ListenStream=@/run/rpcbind.sock
- [nfs/nfs-utils/rpcbind] rpcbind: avoid dereferencing NULL from realloc()
- systemd/rpcbind.service.in: Add various hardenings options
- man/rpcbind: Add Files section to manpage
- Moved rpcbind.lock and default configs to /run instead of /var/run
- rpcinfo: try connecting using abstract address
- Listen on an AF_UNIX abstract address if supported
- autotools/systemd: call rpcbind with -w only on enabled warm starts
- rpcbind: fix double free in init_transport
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Micro 6.1
zypper in -t patch SUSE-SLE-Micro-6.1-565=1
Package List:
-
SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
- rpcbind-debugsource-1.2.9-slfo.1.1_1.1
- rpcbind-1.2.9-slfo.1.1_1.1
- rpcbind-debuginfo-1.2.9-slfo.1.1_1.1