CVE-2017-15908

Priority
Medium
Description
In systemd 223 through 235, a remote DNS server can respond with a custom
crafted DNS NSEC resource record to trigger an infinite loop in the
dns_packet_read_type_window() function of the 'systemd-resolved' service
and cause a DoS of the affected service.
References
Bugs
Notes
 mdeslaur> resolve only used by default on zesty+
 mdeslaur> independently discovered by Nelson William Gamazo Sanchez,
 mdeslaur> working with Trend Micro's Zero Day Initiative
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):released (234-2ubuntu12.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (235-2ubuntu3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):released (232-21ubuntu7.1)
Patches:
Upstream:https://github.com/systemd/systemd/pull/7184
More Information

Updated: 2017-11-20 20:14:18 UTC (commit 13734)