[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Is it possible to get a fix for libc6 and nfs-kernel-server into etch r1?

Dear SRM,

Is there any chance to get a fix for #423369 and #423108, a memory leak in both libc6 and nfs-kernel-server, into etch r1?

The libc6 bug causes nfs-kernel-server to leak a lot of memory on busy NFS servers that use netgroups (and other software that uses netgroups). In extremis this could be used as a denial of service by letting the NFS server run out of memory. I've applied the patch mentioned in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169051 to the etch libc6 package and I can confirm that it fixes the bug. Note that it can also be exploited locally by running the example program mentioned in the bugzilla bug report.

The nfs-kernel-server also leaks memory in two functions. The fix is a one line fix in both cases. The fixes have also been applied to the version in testing (1.0.12) and unstable.



Rik Theys
KU Leuven - Dept. ESAT
Kasteelpark Arenberg 10
Tel.: +32(0)16/32.11.07
<<Any errors in spelling, tact or fact are transmission errors>>

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

Reply to: