Bug#863277: systemd: CVE-2017-9217: systemd-resolved crashed with SIGSEGV in dns_packet_is_reply_for()
Michael Biebl
biebl at debian.org
Mon May 29 13:04:17 BST 2017
Hi Salvatore!
On Wed, 24 May 2017 20:27:22 +0200 Salvatore Bonaccorso
<carnil at debian.org> wrote:
> Source: systemd
> Version: 232-23
> Severity: important
> Tags: patch upstream security
> Forwarded: https://github.com/systemd/systemd/pull/5998
>
> Hi,
>
> the following vulnerability was published for systemd.
>
> CVE-2017-9217[0]:
> | systemd-resolved through 233 allows remote attackers to cause a denial
> | of service (daemon crash) via a crafted DNS response with an empty
> | question section.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-9217
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9217
> [1] https://github.com/systemd/systemd/pull/5998
> [2] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
> [3] https://bugzilla.novell.com/show_bug.cgi?id=1040614
>
> Please adjust the affected versions in the BTS as needed. I think the
> version in jessie should not be affected; unless I'm wrong (and then
> please correct me) the resolved: DNS client stub resolver was only
> introduced post v216, and the issue maybe even later (post v219). But
> would be greatly appreciated if you can confirm that.
I've marked it as found in v217-1, as this was the first version after
v216 uploaded to the archive. It doesn't matter to much if it's v217 or
v219 I think. Those uploads all landed in experimental at that time.
As for the bug itself: We don't enable resolved by default in Debian: Do
you think this bug is important enough that we should get this into 9.0?
I'd have to ask for an unlock request then.
Otherwise I'd just queue this fix in the stretch branch and try to get
this into 9.1.
For now, I'll apply this fix to v233 which is currently in experimental.
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20170529/df2a2400/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list