Re: Remotely exploitable bug in systemd (CVE-2017-9445)

To: debian-user@lists.debian.org
Subject: Re: Remotely exploitable bug in systemd (CVE-2017-9445)
From: Sven Joachim <svenjoac@gmx.de>
Date: Sat, 01 Jul 2017 23:19:24 +0200
Message-id: <[🔎] 87r2xzzwgz.fsf@turtle.gmx.de>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20170701163641.0567492f@jabberwock.cb.piermont.com> (Perry E. Metzger's message of "Sat, 1 Jul 2017 16:36:41 -0400")
References: <[🔎] 20170701163641.0567492f@jabberwock.cb.piermont.com>

On 2017-07-01 16:36 -0400, Perry E. Metzger wrote:

> Howdy! CVE-2017-9445 is a remotely exploitable bug in systemd. It was
> first announced to the public about four or five days ago, not sure
> when it would have been announced to the security team.
>
> Am I correct in interpreting this:
> https://security-tracker.debian.org/tracker/CVE-2017-9445
> as meaning a fix to it still isn't in sid, and therefore is not
> yet in the process of percolating down to stretch?

That seems to be correct.

> Is there a preferred way of temporarily mitigating the problem?

Yes, don't use systemd-resolved in the first place.  As mentioned in the
tracker, systemd-resolved is not enabled by default in Debian, therefore
the problem is not treated as urgent.

Cheers,
       Sven

Reply to:

Follow-Ups:
- Re: Remotely exploitable bug in systemd (CVE-2017-9445)
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>

References:
- Remotely exploitable bug in systemd (CVE-2017-9445)
  - From: "Perry E. Metzger" <perry@piermont.com>

Prev by Date: (SOLVED) Re: kde4 can't find file usr/share/kde4/apps/kdm/themes/lines
Next by Date: Re: mplayer won't play audio CD
Previous by thread: Remotely exploitable bug in systemd (CVE-2017-9445)
Next by thread: Re: Remotely exploitable bug in systemd (CVE-2017-9445)
Index(es):
- Date
- Thread