Wednesday, June 28, 2017

New systemd Vulnerability Affects Ubuntu 17.04 and Ubuntu 16.10, Update Now

Canonical informs Ubuntu users that it updated the systemd packages in the Ubuntu 16.10 (Yakkety Yak) and Ubuntu 17.04 (Zesty Zapus) operating systems to patch a recently discovered security issue.

The new systemd vulnerability (CVE-2017-9445) appears to affect the systemd-resolved component, which could allow a remote attacker to crash the systemd daemon by causing a denial of service or run malicious programs on the vulnerable, unpatched machines by using a specially crafted DNS response.

"In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," reads Canonical's read more)

from Softpedia News / Linux http://ift.tt/2tZQZem
via IFTTT

No comments:

Post a Comment

Playing Grand Theft Auto Inside A Neural Network’s Hallucination? It’s Possible!

Ever imagined what a Neural Network's hallucination would look like? The post Playing Grand Theft Auto Inside A Neural Network’s Halluc...