[arch-security] [ASA-201707-2] systemd: arbitrary code execution
Chris.Rebischke at archlinux.org
Mon Jul 3 15:02:45 UTC 2017
Arch Linux Security Advisory ASA-201707-2
Date : 2017-07-03
CVE-ID : CVE-2017-9445
Package : systemd
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-329
The package systemd before version 233-6 is vulnerable to arbitrary
Upgrade to 233-6.
# pacman -Syu "systemd>=233-6"
The problem has been fixed upstream in version 233.
An out-of-bounds write was discovered in systemd-resolved when handling
specially crafted DNS responses. A remote attacker could potentially
exploit this to cause a denial of service (daemon crash) or execute
A remote attacker is able to craft a malicious DNS response to crash
systemd-resolved or execute arbitrary code on the target host.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-security