
Re: Remotely exploitable bug in systemd (CVE-2017-9445)



Perry E. Metzger wrote:

> Howdy! CVE-2017-9445 is a remotely exploitable bug in systemd. It was
> first announced to the public about four or five days ago, not sure
> when it would have been announced to the security team.
> 
> Am I correct in interpreting this:
> https://security-tracker.debian.org/tracker/CVE-2017-9445
> as meaning a fix to it still isn't in sid, and therefore is not
> yet in the process of percolating down to stretch?
> 
> Is there a preferred way of temporarily mitigating the problem?
> Remote exploitation that you can trigger by forcing a program to DNS
> queries seems kind of bad.
> 
> Perry

I don't think it is that new as I have not done any upgrades recently and I have
dpkg -l | grep systemd
ii  libpam-systemd:amd64  215-17+deb8u7  amd64  system and service manager - PAM module
ii  libsystemd0:amd64     215-17+deb8u7  amd64  systemd utility library

and in the CVE-2017-9445 it says it is fixed in jessie in the above
mentioned versions ... so it must be at least a few weeks old as I recently
updated back then.

regards

