[arch-security] [ASA-201707-2] systemd: arbitrary code execution
Christian Rebischke
Chris.Rebischke at archlinux.org
Mon Jul 3 15:02:45 UTC 2017
Arch Linux Security Advisory ASA-201707-2
=========================================
Severity: Critical
Date : 2017-07-03
CVE-ID : CVE-2017-9445
Package : systemd
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-329
Summary
=======
The package systemd before version 233-6 is vulnerable to arbitrary
code execution.
Resolution
==========
Upgrade to 233-6.
# pacman -Syu "systemd>=233-6"
The problem has been fixed upstream in version 233.
Workaround
==========
None.
Description
===========
An out-of-bounds write was discovered in systemd-resolved when handling
specially crafted DNS responses. A remote attacker could potentially
exploit this to cause a denial of service (daemon crash) or execute
arbitrary code.
Impact
======
A remote attacker is able to craft a malicious DNS response to crash
systemd-resolved or execute arbitrary code on the target host.
References
==========
https://bugs.archlinux.org/task/54619
http://seclists.org/oss-sec/2017/q2/618
https://security.archlinux.org/CVE-2017-9445
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170703/878906c7/attachment.asc>
More information about the arch-security
mailing list