Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201707-5 ======================================== Severity: Medium Date : 2017-07-04 CVE-ID : CVE-2017-9217 Package : systemd Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-337 Summary ====== The package systemd before version 233-7 is vulnerable to denial of service. Resolution ========= Upgrade to 233-7. # pacman -Syu "systemd>=233-7" The problem has been fixed upstream in version 233. Workaround ========= None. Description ========== A security issue has been found in systemd-resolved, allowing a remote attacker to cause a denial of service (daemon crash via NULL-pointer dereference) via a crafted DNS response with an empty question section. Impact ===== A remote attacker can cause a denial of service via a crafted DNS response. References ========= https://github.com/systemd/systemd/commit/262d95fecd357343887709006188f690cfe040a9 https://github.com/systemd/systemd/pull/6020 https://security.archlinux.org/CVE-2017-9217