Errata overview
Errata ID 353
Date 2018-05-08
Source package libtirpc
Fixed in version 0.2.5-1+deb8u1
This update addresses the following issue:
* LIBTIRPC does not consider the maximum RPC data size during memory
  allocation for XDR strings, which allows remote attackers to cause a denial
  of service (memory consumption with no subsequent free) via a crafted UDP
  packet to port 111, aka rpcbomb. (CVE-2017-8779)
Additional notes
CVE ID CVE-2017-8779
UCS Bug number #44674