Debian Bug report logs - #863277
systemd: CVE-2017-9217: systemd-resolved crashed with SIGSEGV in dns_packet_is_reply_for()
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>: Bug#863277; Package src:systemd. (Wed, 24 May 2017 18:30:05 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>. (Wed, 24 May 2017 18:30:05 GMT)
Message #5 received at submit@bugs.debian.org:
Source: systemd
Version: 232-23
Severity: important
Tags: patch upstream security
Forwarded: https://github.com/systemd/systemd/pull/5998
Hi,
the following vulnerability was published for systemd.
CVE-2017-9217[0]:
| systemd-resolved through 233 allows remote attackers to cause a denial
| of service (daemon crash) via a crafted DNS response with an empty
| question section.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9217
[1] https://github.com/systemd/systemd/pull/5998
[2] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
[3] https://bugzilla.novell.com/show_bug.cgi?id=1040614
Please adjust the affected versions in the BTS as needed. I think the
version in jessie should not be affected; unless I'm wrong (and then
please correct me) the resolved: DNS client stub resolver was only
introduced post v216, and the issue maybe even later (post v219). But
would be greatly appreciated if you can confirm that.
Regards,
Salvatore
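The CVE text in the report above describes a crash on a DNS response with an empty question section. The following C sketch is an added illustration, not part of this bug log and not systemd's code: it shows the defect class (a reply-matching routine that dereferences a question pointer left NULL when QDCOUNT is 0) beside a checked form. All type and function names are hypothetical, the sample headers are constructed, and treating an empty question as "no match" is an assumption about the appropriate behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical, simplified types; not systemd's own structures. */
struct dns_key { const char *name; uint16_t type; };
struct dns_question { size_t n_keys; struct dns_key keys[1]; };
struct dns_packet {
    bool is_reply;                 /* QR bit of the header */
    struct dns_question *question; /* stays NULL when QDCOUNT == 0 */
    struct dns_question storage;   /* backing store for one question */
};

/* Fill p from a 12-byte DNS header; qname/qtype arrive already decoded. */
int packet_from_header(struct dns_packet *p, const uint8_t *hdr, size_t len,
                       const char *qname, uint16_t qtype) {
    if (len < 12) return -1;                    /* truncated header */
    uint16_t qdcount = (uint16_t)((hdr[4] << 8) | hdr[5]);
    memset(p, 0, sizeof(*p));
    p->is_reply = (hdr[2] & 0x80) != 0;
    if (qdcount == 0) return 0;                 /* question left NULL */
    p->storage.n_keys = 1;
    p->storage.keys[0].name = qname;
    p->storage.keys[0].type = qtype;
    p->question = &p->storage;
    return 0;
}

/* "Before" form: assumes every reply carries a question section. */
int is_reply_for_unchecked(const struct dns_packet *p, const struct dns_key *k) {
    if (!p->is_reply) return 0;
    if (p->question->n_keys != 1) return 0;     /* NULL dereference if empty */
    return p->question->keys[0].type == k->type &&
           strcmp(p->question->keys[0].name, k->name) == 0;
}

/* Hardened form: a reply with no question never matches a pending query. */
int is_reply_for_checked(const struct dns_packet *p, const struct dns_key *k) {
    if (!p || !k || !p->is_reply) return 0;
    if (!p->question) return 0;                 /* the missing check */
    if (p->question->n_keys != 1) return 0;
    return p->question->keys[0].type == k->type &&   /* names compared */
           strcmp(p->question->keys[0].name, k->name) == 0; /* case-sensitively */
}

/* Constructed sample headers (QR=1): one question, then none. */
static const uint8_t HDR_ONE_Q[12]   = {0x12,0x34,0x81,0x80,0,1,0,1,0,0,0,0};
static const uint8_t HDR_EMPTY_Q[12] = {0x12,0x34,0x81,0x80,0,0,0,0,0,0,0,0};

int main(void) {
    struct dns_packet p;
    struct dns_key want = { "example.org", 1 };  /* type 1 = A */
    packet_from_header(&p, HDR_ONE_Q, sizeof HDR_ONE_Q, "example.org", 1);
    printf("one question: %d\n", is_reply_for_checked(&p, &want));
    packet_from_header(&p, HDR_EMPTY_Q, sizeof HDR_EMPTY_Q, "example.org", 1);
    printf("empty question: %d\n", is_reply_for_checked(&p, &want));
    return 0;
}
```

The unchecked variant is only safe to call on the first header; on the second it would fault, which is the daemon crash the CVE describes.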
Information forwarded to debian-bugs-dist@lists.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>: Bug#863277; Package src:systemd. (Mon, 29 May 2017 12:09:03 GMT)
Acknowledgement sent to Michael Biebl <biebl@debian.org>: Extra info received and forwarded to list. Copy sent to Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>. (Mon, 29 May 2017 12:09:03 GMT)
Message #10 received at 863277@bugs.debian.org:
Hi Salvatore!
On Wed, 24 May 2017 20:27:22 +0200 Salvatore Bonaccorso
<carnil@debian.org> wrote:
> Source: systemd
> Version: 232-23
> Severity: important
> Tags: patch upstream security
> Forwarded: https://github.com/systemd/systemd/pull/5998
>
> Hi,
>
> the following vulnerability was published for systemd.
>
> CVE-2017-9217[0]:
> | systemd-resolved through 233 allows remote attackers to cause a denial
> | of service (daemon crash) via a crafted DNS response with an empty
> | question section.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-9217
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9217
> [1] https://github.com/systemd/systemd/pull/5998
> [2] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
> [3] https://bugzilla.novell.com/show_bug.cgi?id=1040614
>
> Please adjust the affected versions in the BTS as needed. I think the
> version in jessie should not be affected; unless I'm wrong (and then
> please correct me) the resolved: DNS client stub resolver was only
> introduced post v216, and the issue maybe even later (post v219). But
> would be greatly appreciated if you can confirm that.
I've marked it as found in v217-1, as this was the first version after
v216 uploaded to the archive. It doesn't matter too much if it's v217 or
v219 I think. Those uploads all landed in experimental at that time.
As for the bug itself: We don't enable resolved by default in Debian: Do
you think this bug is important enough that we should get this into 9.0?
I'd have to ask for an unlock request then.
Otherwise I'd just queue this fix in the stretch branch and try to get
this into 9.1.
For now, I'll apply this fix to v233 which is currently in experimental.
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Information forwarded to debian-bugs-dist@lists.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>: Bug#863277; Package src:systemd. (Mon, 29 May 2017 12:12:04 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>. (Mon, 29 May 2017 12:12:04 GMT)
Message #15 received at 863277@bugs.debian.org:
Hi Michael,
On Mon, May 29, 2017 at 02:04:17PM +0200, Michael Biebl wrote:
> Hi Salvatore!
>
> On Wed, 24 May 2017 20:27:22 +0200 Salvatore Bonaccorso
> <carnil@debian.org> wrote:
> > Source: systemd
> > Version: 232-23
> > Severity: important
> > Tags: patch upstream security
> > Forwarded: https://github.com/systemd/systemd/pull/5998
> >
> > Hi,
> >
> > the following vulnerability was published for systemd.
> >
> > CVE-2017-9217[0]:
> > | systemd-resolved through 233 allows remote attackers to cause a denial
> > | of service (daemon crash) via a crafted DNS response with an empty
> > | question section.
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2017-9217
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9217
> > [1] https://github.com/systemd/systemd/pull/5998
> > [2] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
> > [3] https://bugzilla.novell.com/show_bug.cgi?id=1040614
> >
> > Please adjust the affected versions in the BTS as needed. I think the
> > version in jessie should not be affected; unless I'm wrong (and then
> > please correct me) the resolved: DNS client stub resolver was only
> > introduced post v216, and the issue maybe even later (post v219). But
> > would be greatly appreciated if you can confirm that.
>
> I've marked it as found in v217-1, as this was the first version after
> v216 uploaded to the archive. It doesn't matter too much if it's v217 or
> v219 I think. Those uploads all landed in experimental at that time.
Ack thanks.
> As for the bug itself: We don't enable resolved by default in Debian: Do
> you think this bug is important enough that we should get this into 9.0?
> I'd have to ask for an unlock request then.
>
> Otherwise I'd just queue this fix in the stretch branch and try to get
> this into 9.1.
*If* you have other fixes which should go in stretch, then it might be
good to include it. Otherwise I agree, can be fixed in buster and then
in stretch via a point release!
> For now, I'll apply this fix to v233 which is currently in experimental.
Ok!
Regards,
Salvatore
Information forwarded to debian-bugs-dist@lists.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>: Bug#863277; Package src:systemd. (Mon, 29 May 2017 12:21:06 GMT)
Acknowledgement sent to Michael Biebl <biebl@debian.org>: Extra info received and forwarded to list. Copy sent to Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>. (Mon, 29 May 2017 12:21:06 GMT)
Message #20 received at 863277@bugs.debian.org:
On 29.05.2017 at 14:10, Salvatore Bonaccorso wrote:
> On Mon, May 29, 2017 at 02:04:17PM +0200, Michael Biebl wrote:
>> As for the bug itself: We don't enable resolved by default in Debian: Do
>> you think this bug is important enough that we should get this into 9.0?
>> I'd have to ask for an unlock request then.
>>
>> Otherwise I'd just queue this fix in the stretch branch and try to get
>> this into 9.1.
>
> *If* you have other fixes which should go in stretch, then it might be
> good to include it. Otherwise I agree, can be fixed in buster and then
> in stretch via a point release!
There are a few fixes in the stretch branch which aren't uploaded yet.
They are not terribly urgent. That said, I'll just ask the release / d-i
team if they are ok with the upload, I guess.
If they have concerns, I'm happy to defer this to 9.1
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Marked as found in versions systemd/217-1. Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Mon, 29 May 2017 12:33:06 GMT)
Reply sent to Michael Biebl <biebl@debian.org>: You have taken responsibility. (Mon, 29 May 2017 13:21:05 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Mon, 29 May 2017 13:21:05 GMT)
Message #27 received at 863277-close@bugs.debian.org:
Source: systemd
Source-Version: 233-8
We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 863277@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated systemd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Mon, 29 May 2017 14:12:08 +0200
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump systemd-tests libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 233-8
Distribution: experimental
Urgency: medium
Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
libnss-myhostname - nss module providing fallback resolution for the current hostname
libnss-mymachines - nss module to resolve hostnames for local container instances
libnss-resolve - nss module to resolve names via systemd-resolved
libnss-systemd - nss module providing dynamic user and group name resolution
libpam-systemd - system and service manager - PAM module
libsystemd-dev - systemd utility library - development files
libsystemd0 - systemd utility library
libudev-dev - libudev development files
libudev1 - libudev shared library
libudev1-udeb - libudev shared library (udeb)
systemd - system and service manager
systemd-container - systemd container/nspawn tools
systemd-coredump - tools for storing and retrieving coredumps
systemd-journal-remote - tools for sending and receiving remote journal logs
systemd-sysv - system and service manager - SysV links
systemd-tests - tests for systemd
udev - /dev/ and hotplug management daemon
udev-udeb - /dev/ and hotplug management daemon (udeb)
Closes: 861769 863277
Changes:
systemd (233-8) experimental; urgency=medium
.
* Bump debhelper compatibility level to 10
* Drop versioned Build-Depends on dpkg-dev.
It's no longer necessary as even Jessie ships a new enough version.
* timesyncd: don't use compiled-in list if FallbackNTP has been configured
explicitly (Closes: #861769)
* resolved: fix null pointer p->question dereferencing.
This fixes a bug which allowed a remote DoS (daemon crash) via a crafted
DNS response with an empty question section.
Fixes: CVE-2017-9217 (Closes: #863277)
Reply sent to Michael Biebl <biebl@debian.org>: You have taken responsibility. (Mon, 29 May 2017 22:21:05 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Mon, 29 May 2017 22:21:05 GMT)
Message #32 received at 863277-close@bugs.debian.org:
Source: systemd
Source-Version: 232-24
We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 863277@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated systemd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Mon, 29 May 2017 16:25:43 +0200
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 232-24
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
libnss-myhostname - nss module providing fallback resolution for the current hostname
libnss-mymachines - nss module to resolve hostnames for local container instances
libnss-resolve - nss module to resolve names via systemd-resolved
libnss-systemd - nss module providing dynamic user and group name resolution
libpam-systemd - system and service manager - PAM module
libsystemd-dev - systemd utility library - development files
libsystemd0 - systemd utility library
libudev-dev - libudev development files
libudev1 - libudev shared library
libudev1-udeb - libudev shared library (udeb)
systemd - system and service manager
systemd-container - systemd container/nspawn tools
systemd-coredump - tools for storing and retrieving coredumps
systemd-journal-remote - tools for sending and receiving remote journal logs
systemd-sysv - system and service manager - SysV links
udev - /dev/ and hotplug management daemon
udev-udeb - /dev/ and hotplug management daemon (udeb)
Closes: 862292 863277
Changes:
systemd (232-24) unstable; urgency=medium
.
[ Felipe Sateler ]
* Specify nobody user and group.
Otherwise nss-systemd will translate to group 'nobody', which doesn't
exist on debian systems.
.
[ Michael Biebl ]
* Add Depends: procps to systemd.
It's required by /usr/lib/systemd/user/systemd-exit.service which calls
/bin/kill to stop the systemd --user instance. (Closes: #862292)
* resolved: fix null pointer p->question dereferencing.
This fixes a bug which allowed a remote DoS (daemon crash) via a crafted
DNS response with an empty question section.
Fixes: CVE-2017-9217 (Closes: #863277)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 27 Jun 2017 07:30:34 GMT)
Last modified: Wed Jun 19 16:41:08 2019; Machine Name: beach