+++ This bug was initially created as a clone of Bug #21948 +++
Ubuntu has issued an advisory on October 26:
Mageia 6 is also affected. I don't believe the affected code is present in Mageia 5.
Patched package uploaded for Mageia 6. Cauldron is still not fixed.
Updated systemd packages fix security vulnerability:
Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently
discovered that systemd-resolved incorrectly handled certain DNS responses. A
remote attacker could possibly use this issue to cause systemd to temporarily
stop responding, resulting in a denial of service (CVE-2017-15908).
Updated packages in core/updates_testing:
Been running this for one day without issues.
Note that even if its installed, Mageia does not use systemd-resolved by default.
advisory added to svn
Tested 32bit in virtualbox.
An update for this issue has been pushed to the Mageia Updates repository.