systemd: CVE-2017-9445: Out-of-bounds write in systemd-resolved with crafted TCP payload

Debian Bug report logs - #866147
systemd: CVE-2017-9445: Out-of-bounds write in systemd-resolved with crafted TCP payload

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: systemd: CVE-2017-9445: Out-of-bounds write in systemd-resolved with crafted TCP payload

Date: Tue, 27 Jun 2017 20:49:26 +0200

Source: systemd
Version: 232-25
Severity: important
Tags: upstream security patch

Hi,

the following vulnerability was published for systemd.

CVE-2017-9445[0]:
Out-of-bounds write in systemd-resolved with crafted TCP payload

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9445
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9445
[1] http://www.openwall.com/lists/oss-security/2017/06/27/8

As previously discussed, since systemd-resolved is not enabled by
default in Debian, an update via the next point release would still be
great to have.

Thanks for your work!

Regards,
Salvatore

Message #16 received at 866147-close@bugs.debian.org (full text, mbox, reply):

From: Michael Biebl <biebl@debian.org>

To: 866147-close@bugs.debian.org

Subject: Bug#866147: fixed in systemd 233-10

Date: Mon, 03 Jul 2017 17:24:11 +0000

Source: systemd
Source-Version: 233-10

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866147@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 03 Jul 2017 18:51:58 +0200
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump systemd-tests libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 233-10
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
 libnss-myhostname - nss module providing fallback resolution for the current hostname
 libnss-mymachines - nss module to resolve hostnames for local container instances
 libnss-resolve - nss module to resolve names via systemd-resolved
 libnss-systemd - nss module providing dynamic user and group name resolution
 libpam-systemd - system and service manager - PAM module
 libsystemd-dev - systemd utility library - development files
 libsystemd0 - systemd utility library
 libudev-dev - libudev development files
 libudev1   - libudev shared library
 libudev1-udeb - libudev shared library (udeb)
 systemd    - system and service manager
 systemd-container - systemd container/nspawn tools
 systemd-coredump - tools for storing and retrieving coredumps
 systemd-journal-remote - tools for sending and receiving remote journal logs
 systemd-sysv - system and service manager - SysV links
 systemd-tests - tests for systemd
 udev       - /dev/ and hotplug management daemon
 udev-udeb  - /dev/ and hotplug management daemon (udeb)
Closes: 824532 865449 866147 866579
Changes:
 systemd (233-10) unstable; urgency=medium
 .
   [ Martin Pitt ]
   * Adjust var-lib-machines.mount target.
     Upstream PR #6095 changed the location to
     {remote-fs,machines}.target.wants, so just install all available ones.
 .
   [ Dimitri John Ledkov ]
   * Fix out-of-bounds write in systemd-resolved.
     CVE-2017-9445 (Closes: #866147, LP: #1695546)
 .
   [ Michael Biebl ]
   * Be truly quiet in systemctl -q is-enabled (Closes: #866579)
   * Improve RLIMIT_NOFILE handling.
     Use /proc/sys/fs/nr_open to find the current limit of open files
     compiled into the kernel instead of using a hard-coded value of 65536
     for RLIMIT_NOFILE. (Closes: #865449)
 .
   [ Nicolas Braud-Santoni ]
   * debian/extra/rules: Use updated U2F ruleset.
     This ruleset comes from Yubico's libu2f-host. (Closes: #824532)
Checksums-Sha1:
 47e7477c541c2ce26c48079534faa487cad9b6bb 4837 systemd_233-10.dsc
 06ed2344c440906f97d1cf881f2d2769c950ce6d 145224 systemd_233-10.debian.tar.xz
 fb2e736470fbfe119c24ee31f0274f824243fe93 8583 systemd_233-10_source.buildinfo
Checksums-Sha256:
 dec2896378686c332fa949f6b492868a356f2e8d44336565029b636cd53df250 4837 systemd_233-10.dsc
 eab22fe504abbdb21801d112c797dc52bf17ba03ebb542632f8a63e766151de3 145224 systemd_233-10.debian.tar.xz
 c36a38081697fb3c1a0ab583b1dc45908eb9cfe782ab7377b7f75a3d1e93efc0 8583 systemd_233-10_source.buildinfo
Files:
 e6ca205163d6963e5e092b67654fed07 4837 admin optional systemd_233-10.dsc
 5c25f36e756ea104be3e2e76a63dc431 145224 admin optional systemd_233-10.debian.tar.xz
 85ed9f21e0bcf66095b27beaa840d52f 8583 admin optional systemd_233-10_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAllad2UACgkQauHfDWCP
Itxr7A/+MpmOOKaB1JlU5861MqEgIxbNjKgFsiJnO2mZnKBxr6g82yXJDh4mknJW
c3rG8DzatelEzjKNbBjxMFvNqIrvLm8k15iaTpuwi+1xtyaEGX1G62sOVOWihCWJ
DTj2wyMizzUcfR3m3rCNEkx+SlbK3kAPjK33M6VtdaOjHVmzFfXRc/uYedTwtUrU
Ytc6+910gKrUt8ecbbUN3wG2/iQdQQKWTJEcNISciCgXnGXkAJw4gsJPYP4y3fqI
m3q9FAnDmySMj9RXABT/GXnXg+/EnsjFmlsslopiMXrSOJbQwR06Jx56N8k+moCv
LZQAa+xyS/dGYkb7eNhipQzDn8qukU+R/bxaWFqsDvNmMnUmja11RwzVKtPK15fS
Ild4ZtnXlcetGBl4F+21+KL/UZq1lkTFMVgXk17i4qu/yqiNjrG5QOxW361gB2SB
grdkiKFOjxdOcztbZU0AWAo+XlV5tIhNBOmhM+zvBWuPRKO6YOsYEmyMRlbdZDUW
Z23wbe5lzSf8hFVn5GQQ06+rX5O3X/pUet43iK37X+24AXefZsicfFe+F0/XnAUL
55UFJPiRxkcAXGMqQFiFVSjefCyZ9s11wgmb0GJS3YvclRxu6KaDsKNadOLvT4vx
z8524cEiotShienExEgZmAGvz5c/uk9Ax2OZ69SZT3R273Gmslw=
=os63
-----END PGP SIGNATURE-----

Message #23 received at 866147-close@bugs.debian.org (full text, mbox, reply):

From: Michael Biebl <biebl@debian.org>

To: 866147-close@bugs.debian.org

Subject: Bug#866147: fixed in systemd 232-25+deb9u1

Date: Sun, 16 Jul 2017 12:17:08 +0000

Source: systemd
Source-Version: 232-25+deb9u1

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866147@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 05 Jul 2017 22:31:25 +0200
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 232-25+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
 libnss-myhostname - nss module providing fallback resolution for the current hostname
 libnss-mymachines - nss module to resolve hostnames for local container instances
 libnss-resolve - nss module to resolve names via systemd-resolved
 libnss-systemd - nss module providing dynamic user and group name resolution
 libpam-systemd - system and service manager - PAM module
 libsystemd-dev - systemd utility library - development files
 libsystemd0 - systemd utility library
 libudev-dev - libudev development files
 libudev1   - libudev shared library
 libudev1-udeb - libudev shared library (udeb)
 systemd    - system and service manager
 systemd-container - systemd container/nspawn tools
 systemd-coredump - tools for storing and retrieving coredumps
 systemd-journal-remote - tools for sending and receiving remote journal logs
 systemd-sysv - system and service manager - SysV links
 udev       - /dev/ and hotplug management daemon
 udev-udeb  - /dev/ and hotplug management daemon (udeb)
Closes: 824532 865449 866147 866579
Changes:
 systemd (232-25+deb9u1) stretch; urgency=medium
 .
   [ Dimitri John Ledkov ]
   * Fix out-of-bounds write in systemd-resolved.
     CVE-2017-9445 (Closes: #866147, LP: #1695546)
 .
   [ Michael Biebl ]
   * Be truly quiet in systemctl -q is-enabled (Closes: #866579)
   * Improve RLIMIT_NOFILE handling.
     Use /proc/sys/fs/nr_open to find the current limit of open files
     compiled into the kernel instead of using a hard-coded value of 65536
     for RLIMIT_NOFILE. (Closes: #865449)
 .
   [ Nicolas Braud-Santoni ]
   * debian/extra/rules: Use updated U2F ruleset.
     This ruleset comes from Yubico's libu2f-host. (Closes: #824532)
Checksums-Sha1:
 616fb901089666e3be813ea742341ee998f795f4 4797 systemd_232-25+deb9u1.dsc
 fb9c4d765683d77d6987443f30b8131d8b2867a0 205680 systemd_232-25+deb9u1.debian.tar.xz
 45e5b5ae81ca585c5f7a3e5349c00ab98774ff52 9568 systemd_232-25+deb9u1_source.buildinfo
Checksums-Sha256:
 624303bdd40a5cc5ffa6c2c1e4557976908a4c8b45d2f59dee1acf0965308823 4797 systemd_232-25+deb9u1.dsc
 5b9ef3d5f28dc8e5988eca66c2df022a1e79453f87d1d4a8693c3bf9d6786a14 205680 systemd_232-25+deb9u1.debian.tar.xz
 655cfb3e8317dbef0838e9e48ed91c1c47b4a201bd71f82915c300816284b3f4 9568 systemd_232-25+deb9u1_source.buildinfo
Files:
 65279fc638172c21771d504778cc8db8 4797 admin optional systemd_232-25+deb9u1.dsc
 fe6150f3de3ab9c6d13fa33cf0cc550c 205680 admin optional systemd_232-25+deb9u1.debian.tar.xz
 0a3e232a93faf6211cd7c8c5c2058156 9568 admin optional systemd_232-25+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAllqjckACgkQauHfDWCP
ItxORw//XMA9dfxw9W8oMkA6aktJ7nQ/oszof8k60xlKufF5bxJcRAPyShNSkz9J
P6xUFDJPz1OUYrzs7IZeAHNy3k7pXGgzU8/WtE7CUcQv+BUv5e6xtFIGR5I4bi/z
2v3zQYjOJTY6Jkqy0ycDx7MMVHG1+FEn7a9TGkCs1KCJiKfaFao0oqT6IjYGX9y/
L1+XgR6Z9+gt+KCAoEgl5y2jJ5dP2yyreK56HrPXhjVR5EfbgZPlOeg74COCLwKc
b4Wc1u/fnoj/dEaWVNvEBIcj8CAkFma+eOX2pgSAJ8i27RHM4tY4uLX+R/2V8JYY
6hSq6d2LNakbuQ4IMYKcThr0QU1Uw8tFFx8NzvZJ8koCszZGL6I8BhnhUvuk7W+2
uga+yuXQz9oEmo9X8GX9xabhZlaCVl9bFZAj4plYF57owJ9UDhqSzwqaJfGtsy3U
G2xG8G3IrioVZ0myoaO3+mdHmshIuqWGBK5FYK6mgP2UvaFfjcd7AwxEp54WWPsS
/fOo58yRg0HkRMZp2+ktBHMaLs80NVAODG5w1d6TidEHUu6JU0KAKM7IIO79agqR
yNjju/4ngoOSUZXD/mY5XmxppTR6Id8WHfR97jnNEr9eUbzPsbztF7PxkP6rnWJ8
4VVTKeO5+8bga9VODlMSMiGZwv/hPNr9uonoz2X/TXHNb08UjIk=
=cJjg
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.