AOSA-2017-0044: UPDATE SYSTEMD

JUNE 29, 2017

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. – Linus Torvalds

Please update your systemd package to version 2.3.3-4.

A security vulnerability was recently discovered in systemd-resolved (DNS resolve configuration daemon) that…

Certain sizes passed to dns_packet_new can cause it to allocate a buffer that’s too small. A page-aligned number - sizeof(DnsPacket) + sizeof(iphdr) + sizeof(udphdr) will do this - so, on x86 this will be a page-aligned number - 80. Eg, calling dns_packet_new with a size of 4016 on x86 will result in an allocation of 4096 bytes, but 108 bytes of this are for the DnsPacket struct.

A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it.

This security vulnerability was assigned CVE-2017-9445.

Relevant documentation:

1498703421859