Arch Linux: ASA-201707-2 Critical: Systemd Arbitrary Code Execution

Arch Linux Security Advisory ASA-201707-2
========================================
Severity: Critical
Date    : 2017-07-03
CVE-ID  : CVE-2017-9445
Package : systemd
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-329

Summary
======
The package systemd before version 233-6 is vulnerable to arbitrary
code execution.

Resolution
=========
Upgrade to 233-6.

# pacman -Syu "systemd>=233-6"

The problem has been fixed upstream in version 233.

Workaround
=========
None.

Description
==========
An out-of-bounds write was discovered in systemd-resolved when handling
specially crafted DNS responses. A remote attacker could potentially
exploit this to cause a denial of service (daemon crash) or execute
arbitrary code.

Impact
=====
A remote attacker is able to craft a malicious DNS response to crash
systemd-resolved or execute arbitrary code on the target host.

References
=========
https://bugs.archlinux.org/task/54619
http://seclists.org/oss-sec/2017/q2/618
https://security.archlinux.org/CVE-2017-9445