Remotely exploitable bug in systemd (CVE-2017-9445)

To: debian-user@lists.debian.org
Subject: Remotely exploitable bug in systemd (CVE-2017-9445)
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 1 Jul 2017 16:36:41 -0400
Message-id: <[🔎] 20170701163641.0567492f@jabberwock.cb.piermont.com>

Howdy! CVE-2017-9445 is a remotely exploitable bug in systemd. It was
first announced to the public about four or five days ago, not sure
when it would have been announced to the security team.

Am I correct in interpreting this:
https://security-tracker.debian.org/tracker/CVE-2017-9445
as meaning a fix to it still isn't in sid, and therefore is not
yet in the process of percolating down to stretch?

Is there a preferred way of temporarily mitigating the problem?
Remote exploitation that you can trigger by forcing a program to DNS
queries seems kind of bad.

Perry
-- 
Perry E. Metzger		perry@piermont.com

Reply to:

Follow-Ups:
- Re: Remotely exploitable bug in systemd (CVE-2017-9445)
  - From: Sven Joachim <svenjoac@gmx.de>
- Re: Remotely exploitable bug in systemd (CVE-2017-9445)
  - From: deloptes <deloptes@gmail.com>
- Re: Remotely exploitable bug in systemd (CVE-2017-9445)
  - From: Larry Dighera <LDighera@att.net>

Prev by Date: Re: Tracing hard Lockup
Next by Date: (SOLVED) Re: kde4 can't find file usr/share/kde4/apps/kdm/themes/lines
Previous by thread: Re: Questions on nonfree software
Next by thread: Re: Remotely exploitable bug in systemd (CVE-2017-9445)
Index(es):
- Date
- Thread