Canonical informs Ubuntu users that it updated the systemd packages in the Ubuntu 16.10 (Yakkety Yak) and Ubuntu 17.04 (Zesty Zapus) operating systems to patch a recently discovered security issue.
The new systemd vulnerability (CVE-2017-9445) appears to affect the systemd-resolved component, which could allow a remote attacker to crash the systemd daemon by causing a denial of service or run malicious programs on the vulnerable, unpatched machines by using a specially crafted DNS response.
“In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that’s too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it,” reads Canonical’s <a href="http://people.canonical.com/~ubuntu-security/… (read more)
Remember to like our facebook and our twitter @ubuntufree for a chance to win a free Ubuntu laptop by Dell or HP!
Top Trending Pages: Ubuntu Downloads | Ubuntu How To Guide | Download Ubuntu Software | Share Ubuntu Files With Windows
