CVE-2017-15908

Priority
Medium
Description
In systemd 223 through 235, a remote DNS server can respond with a custom
crafted DNS NSEC resource record to trigger an infinite loop in the
dns_packet_read_type_window() function of the 'systemd-resolved' service
and cause a DoS of the affected service.
Notes
 mdeslaur> resolve only used by default on zesty+
 mdeslaur> independently discovered by Nelson William Gamazo Sanchez,
 mdeslaur> working with Trend Micro's Zero Day Initiative
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): released (229-4ubuntu21.1)
Ubuntu 17.10 (Artful Aardvark): released (234-2ubuntu12.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (235-2ubuntu3)
Patches:
Upstream: https://github.com/systemd/systemd/pull/7184
Upstream: https://github.com/systemd/systemd/commit/9f939335a07085aa9a9663efd1dca06ef6405d62

Updated: 2018-06-26 05:02:03 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)