[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is it possible to get a fix for libc6 and nfs-kernel-server into etch r1?

At 1178882707 time_t, Rik Theys wrote:
> The libc6 bug causes nfs-kernel-server to leak a lot of memory on busy NFS 
> servers that use netgroups (and other software that uses netgroups). In 
> extremis this could be used as a denial of service by letting the NFS 
> server run out of memory. I've applied the patch mentioned in 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169051 to the etch 
> libc6 package and I can confirm that it fixes the bug. Note that it can 
> also be exploited locally by running the example program mentioned in the 
> bugzilla bug report.
> The nfs-kernel-server also leaks memory in two functions. The fix is a one 
> line fix in both cases. The fixes have also been applied to the version in 
> testing (1.0.12) and unstable.

I agree, and the patches are small and simple, so no objection from my

Julien Danjou
.''`.  Debian Developer
: :' : http://julien.danjou.info
`. `'  http://people.debian.org/~acid
  `-   9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD

Attachment: signature.asc
Description: Digital signature

Reply to: