CVE-2017-9445: systemd Hit By New Security Vulnerability
CVE-2017-9445 is regarding a vulnerability opened by systemd that could allow malicious actors to crash the program or run programs via a specially crafted DNS response.
This "high" level security notice is regarding an out-of-bounds write in systemd-resolved that could allow a remote attacker to crash the daemon or execute arbitrary code via a DNS response. This bug has been present since systemd 223 and was still present in systemd as of yesterday. Of course, systemd-resolved must be running on the system for your system to be vulnerable.
More details via this oss-security report by a Canonical employee and this CVE report.
This "high" level security notice is regarding an out-of-bounds write in systemd-resolved that could allow a remote attacker to crash the daemon or execute arbitrary code via a DNS response. This bug has been present since systemd 223 and was still present in systemd as of yesterday. Of course, systemd-resolved must be running on the system for your system to be vulnerable.
More details via this oss-security report by a Canonical employee and this CVE report.
89 Comments