Source: systemd Version: 232-1 Severity: important Tags: patch security upstream Forwarded: https://github.com/systemd/systemd/pull/7184
Hi, the following vulnerability was published for systemd. CVE-2017-15908[0]: | In systemd 223 through 235, a remote DNS server can respond with a | custom crafted DNS NSEC resource record to trigger an infinite loop in | the dns_packet_read_type_window() function of the 'systemd-resolved' | service and cause a DoS of the affected service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-15908 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15908 [1] https://github.com/systemd/systemd/pull/7184 [2] https://github.com/systemd/systemd/commit/9f939335a07085aa9a9663efd1dca06ef6405d62 Please adjust the affected versions in the BTS as needed. Since systemd-resolved is not enabled by default I think an update via an upcoming stretch point release would be enough. Please let us know if you disagre. Regards, Salvatore _______________________________________________ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
