Re: Remotely exploitable bug in systemd (CVE-2017-9445)
Perry E. Metzger wrote:
> Howdy! CVE-2017-9445 is a remotely exploitable bug in systemd. It was
> first announced to the public about four or five days ago, not sure
> when it would have been announced to the security team.
>
> Am I correct in interpreting this:
> https://security-tracker.debian.org/tracker/CVE-2017-9445
> as meaning a fix to it still isn't in sid, and therefore is not
> yet in the process of percolating down to stretch?
>
> Is there a preferred way of temporarily mitigating the problem?
> Remote exploitation that you can trigger by forcing a program to DNS
> queries seems kind of bad.
>
> Perry

I don't think it is that new, as I have not done any upgrades recently and I
have

dpkg -l | grep systemd
ii  libpam-systemd:amd64  215-17+deb8u7  amd64  system and service manager - PAM module
ii  libsystemd0:amd64     215-17+deb8u7  amd64  systemd utility library

and in the CVE-2017-9445 it says it is fixed in jessie in the above-mentioned
versions ... so it must be at least a few weeks old, as I recently
updated back then.

regards