1
Candidate: CVE-2017-9217
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9217
5
https://github.com/systemd/systemd/pull/5998
6
https://github.com/systemd/systemd/pull/6020
8
systemd-resolved through 233 allows remote attackers to cause a denial of
9
service (daemon crash) via a crafted DNS response with an empty question
13
tyhicks> I believe that this was introduced in v223 by
14
https://github.com/systemd/systemd/commit/29815b6c608b836cada5e349d06a96b63eaa65f3
15
tyhicks> Lennart pointed out in the pull request that systemd-resolved is
16
respawned after crashing. Therefore, I've rated this as a low priority.
17
tyhicks> systemd-resolved became the default DNS resolver in Zesty and it is
19
tyhicks> systemd-resolved is not used by default in Xenial. It is spawned if a
20
user execs the systemd-resolve utility but that shouldn't impact the system.
22
https://launchpad.net/bugs/1621396
28
upstream: https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be
29
upstream_systemd: needed
30
precise/esm_systemd: DNE
31
trusty_systemd: not-affected (204-5ubuntu20.24)
32
vivid/stable-phone-overlay_systemd: not-affected (219-7ubuntu6vividtouch1)
33
vivid/ubuntu-core_systemd: not-affected (219-7ubuntu6)
34
Priority_systemd_xenial: negligible
35
xenial_systemd: released (229-4ubuntu19)
36
yakkety_systemd: ignored (reached end-of-life)
37
zesty_systemd: released (232-21ubuntu4)
38
devel_systemd: released (233-6ubuntu3)