Bug 22294 - systemd new security issue CVE-2017-15908
Summary: systemd new security issue CVE-2017-15908
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK, MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-01-01 19:58 CET by David Walser
Modified: 2018-01-03 19:53 CET (History)
2 users (show)

See Also:
Source RPM: systemd-230-12.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2018-01-01 19:58:55 CET
+++ This bug was initially created as a clone of Bug #21948 +++

Ubuntu has issued an advisory on October 26:
https://usn.ubuntu.com/usn/usn-3466-1/

Mageia 6 is also affected.  I don't believe the affected code is present in Mageia 5.

Patched package uploaded for Mageia 6.  Cauldron is still not fixed.

Advisory:
========================

Updated systemd packages fix security vulnerability:

Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently
discovered that systemd-resolved incorrectly handled certain DNS responses. A
remote attacker could possibly use this issue to cause systemd to temporarily
stop responding, resulting in a denial of service (CVE-2017-15908).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15908
https://usn.ubuntu.com/usn/usn-3466-1/
========================

Updated packages in core/updates_testing:
========================
systemd-230-12.2.mga6
systemd-units-230-12.2.mga6
systemd-devel-230-12.2.mga6
nss-myhostname-230-12.2.mga6
libsystemd0-230-12.2.mga6
libudev1-230-12.2.mga6
libudev-devel-230-12.2.mga6

from systemd-230-12.2.mga6.src.rpm
Comment 1 Thomas Backlund 2018-01-03 13:24:00 CET
Been running this for one day without issues.

Note that even if its installed, Mageia does not use systemd-resolved by default.

advisory added to svn

Whiteboard: (none) => MGA6-64-OK
CC: (none) => tmb
Keywords: (none) => advisory

Comment 2 Thomas Backlund 2018-01-03 19:24:31 CET
Tested 32bit in virtualbox.

validating.

Whiteboard: MGA6-64-OK => MGA6-64-OK, MGA6-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2018-01-03 19:53:43 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0058.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.