Bug 22294

Summary: systemd new security issue CVE-2017-15908
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: sysadmin-bugs, tmb
Version: 6
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA6-64-OK, MGA6-32-OK
Source RPM: systemd-230-12.mga6.src.rpm
CVE:
Status comment:

Description David Walser 2018-01-01 19:58:55 CET
+++ This bug was initially created as a clone of Bug #21948 +++

Ubuntu has issued an advisory on October 26:
https://usn.ubuntu.com/usn/usn-3466-1/

Mageia 6 is also affected.  I don't believe the affected code is present in Mageia 5.

Patched package uploaded for Mageia 6.  Cauldron is still not fixed.

Advisory:
========================

Updated systemd packages fix security vulnerability:

Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently
discovered that systemd-resolved incorrectly handled certain DNS responses. A
remote attacker could possibly use this issue to cause systemd to temporarily
stop responding, resulting in a denial of service (CVE-2017-15908).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15908
https://usn.ubuntu.com/usn/usn-3466-1/
========================

Updated packages in core/updates_testing:
========================
systemd-230-12.2.mga6
systemd-units-230-12.2.mga6
systemd-devel-230-12.2.mga6
nss-myhostname-230-12.2.mga6
libsystemd0-230-12.2.mga6
libudev1-230-12.2.mga6
libudev-devel-230-12.2.mga6

from systemd-230-12.2.mga6.src.rpm

Comment 1 Thomas Backlund 2018-01-03 13:24:00 CET
Been running this for one day without issues.

Note that even if it's installed, Mageia does not use systemd-resolved by default.

advisory added to svn

Whiteboard: (none) => MGA6-64-OK
CC: (none) => tmb
Keywords: (none) => advisory

Comment 2 Thomas Backlund 2018-01-03 19:24:31 CET
Tested 32-bit in VirtualBox.

validating.

Whiteboard: MGA6-64-OK => MGA6-64-OK, MGA6-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2018-01-03 19:53:43 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0058.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED