[SECURITY] [DLA 3859-1] systemd security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3859-1] systemd security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 2 Sep 2024 17:06:09 +0300
Message-id: <[🔎] ZtXGUVGRKyOUJz3f@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3859-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 02, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : systemd
Version        : 247.3-7+deb11u6
CVE ID         : CVE-2023-7008 CVE-2023-50387 CVE-2023-50868
Debian Bug     : 1059278

Multiple vulnerabilities have been fixed in systemd, the default init 
system in Debian, when using systemd-resolved with DNSSEC.

CVE-2023-7008

    Don't accept records of DNSSEC-signed domains when they have no signature.

CVE-2023-50387

    DNSSEC denial of service (CPU consumption)

CVE-2023-50868

    DNSSEC denial of service (CPU consumption)

For Debian 11 bullseye, these problems have been fixed in version
247.3-7+deb11u6.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmbVxksACgkQiNJCh6LY
mLF5rA//ZviRL5av2fseAWMVRdAAbpQ9aIsx+YhRX7s9vVOOLAdok3Wxe1PsdUST
H4ocq1NE0nbVPDxjh4XLHwa01FgMqXExR5J4uIsQmiBhAAjcZXVidx7z/dODn62I
LzAMH8UfjJCuyHV6deUoLiEujGivKsmDv3sUXqphah8yVcdvAMm075+iJ/5yMDDB
2BZpoBJcHBRfdKbojcm0iE3wLaf/8AH+PbFbYyl4FGoU2UPitF9UPLHxZ4I3MuMP
Te+tsAN3pLczftKcKk62RtYnNecnNyuP93BNqOYmXv/T1B44AD/pvAYX2IEwkyjh
/2ZKB9MQ9VC5zpRdtp0DrvuIOF5WthsUwRIaHlK+uj3VdD+tevr2oJ5JlRPnlv9Q
mFQ9kk3dOtYEpPYL/4vXjbV1gFAr2l+qmjPNCYe6qPRRbQOJ4jfUz0wA3V3an9Ai
/qB2dLfRlV6RCHUi5oTDP5gBaC91I3aUStvW4yFrZ3/h2lFgK2ZtkaRQW1HEVL2L
nsklxtolxqmlwqfy8hEnpfzs3KnvEYRT+aKuPCh1f8cUC+dSD/f6Vd4ax9IKxXJN
sD+QRWWupM5yBPpLX3+G45eiOZfM+Cr/bYJfmfbsO58Y7/tm52i2rcW7e1ryKsmt
XArsluZRRJPFpCHyt5ndoJkJQGUR6lVDbOe4UbF99nA5kT8qUho=
=cjhq
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3858-1] ruby2.7 security update
Next by Date: [SECURITY] [DLA 3860-1] dovecot security update
Previous by thread: [SECURITY] [DLA 3858-1] ruby2.7 security update
Next by thread: [SECURITY] [DLA 3860-1] dovecot security update
Index(es):
- Date
- Thread