Launchpad.net

CVE 2017-15908

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.

Related bugs and status

CVE-2017-15908 (Candidate) is related to these bugs:

Bug #1618188: systemd journal should be persistent by default: /var/log/journal should be created

		In	Importance	Status
1618188	systemd journal should be persistent by default: /var/log/journal should be created	systemd (Ubuntu)	Wishlist	Fix Released
1618188	systemd journal should be persistent by default: /var/log/journal should be created	systemd (Ubuntu Bionic)	Wishlist	Fix Released
1618188	systemd journal should be persistent by default: /var/log/journal should be created	systemd (Ubuntu Zesty)	Undecided	Won't Fix
1618188	systemd journal should be persistent by default: /var/log/journal should be created	systemd (Ubuntu Xenial)	Undecided	Won't Fix
1618188	systemd journal should be persistent by default: /var/log/journal should be created	systemd (Ubuntu Artful)	Undecided	Fix Released

Bug #1708409: kdump service does not start after configure/reboot

		In	Importance	Status
1708409	kdump service does not start after configure/reboot	systemd (Ubuntu)	High	Fix Released
1708409	kdump service does not start after configure/reboot	The Ubuntu-power-systems project	High	Fix Released
1708409	kdump service does not start after configure/reboot	makedumpfile (Ubuntu)	Wishlist	Fix Released
1708409	kdump service does not start after configure/reboot	makedumpfile (Ubuntu Artful)	Wishlist	Fix Released
1708409	kdump service does not start after configure/reboot	systemd (Ubuntu Artful)	High	Fix Released
1708409	kdump service does not start after configure/reboot	makedumpfile (Ubuntu Bionic)	Wishlist	Fix Released
1708409	kdump service does not start after configure/reboot	systemd (Ubuntu Bionic)	High	Fix Released

Bug #1709649: 229 backport for race between explicit mount and handling automount

		In	Importance	Status
1709649	229 backport for race between explicit mount and handling automount	systemd (Ubuntu)	Undecided	Fix Released
1709649	229 backport for race between explicit mount and handling automount	systemd (Ubuntu Xenial)	High	Fix Released
1709649	229 backport for race between explicit mount and handling automount	systemd (Ubuntu Zesty)	Medium	Fix Released
1709649	229 backport for race between explicit mount and handling automount	systemd (Ubuntu Artful)	Undecided	Fix Released

Bug #1721223: Networkd fail to set ip address between leases if ip address changes on UbuntuCore

		In	Importance	Status
1721223	Networkd fail to set ip address between leases if ip address changes on UbuntuCore	systemd (Ubuntu)	High	Fix Released
1721223	Networkd fail to set ip address between leases if ip address changes on UbuntuCore	systemd (Ubuntu Xenial)	Undecided	Fix Released
1721223	Networkd fail to set ip address between leases if ip address changes on UbuntuCore	snapd	High	Fix Committed
1721223	Networkd fail to set ip address between leases if ip address changes on UbuntuCore	systemd (Ubuntu Artful)	High	Fix Released
1721223	Networkd fail to set ip address between leases if ip address changes on UbuntuCore	systemd (Ubuntu Zesty)	Undecided	Won't Fix

Bug #1725348: Systemd - Bypassing MemoryDenyWriteExecution policy

		In	Importance	Status
1725348	Systemd - Bypassing MemoryDenyWriteExecution policy	systemd (Ubuntu)	Undecided	Fix Released
1725348	Systemd - Bypassing MemoryDenyWriteExecution policy	systemd (Ubuntu Bionic)	Undecided	Fix Released
1725348	Systemd - Bypassing MemoryDenyWriteExecution policy	systemd (Ubuntu Zesty)	Undecided	Won't Fix
1725348	Systemd - Bypassing MemoryDenyWriteExecution policy	systemd (Ubuntu Xenial)	Undecided	Invalid
1725348	Systemd - Bypassing MemoryDenyWriteExecution policy	systemd (Ubuntu Artful)	Undecided	Fix Released

Bug #1725351: Systemd - Remote DOS of systemd-resolve service

		In	Importance	Status
1725351	Systemd - Remote DOS of systemd-resolve service	systemd (Ubuntu)	Undecided	Fix Released
1725351	Systemd - Remote DOS of systemd-resolve service	systemd (Ubuntu Zesty)	Undecided	Fix Released
1725351	Systemd - Remote DOS of systemd-resolve service	systemd (Ubuntu Bionic)	Undecided	Fix Released
1725351	Systemd - Remote DOS of systemd-resolve service	systemd (Ubuntu Artful)	Undecided	Fix Released

Bug #1734167: DNS doesn't work in no-cloud as launched by ubuntu

		In	Importance	Status
1734167	DNS doesn't work in no-cloud as launched by ubuntu	cloud-init	High	Fix Released
1734167	DNS doesn't work in no-cloud as launched by ubuntu	cloud-init (Ubuntu)	Critical	Fix Released
1734167	DNS doesn't work in no-cloud as launched by ubuntu	systemd (Ubuntu)	Critical	Fix Released
1734167	DNS doesn't work in no-cloud as launched by ubuntu	cloud-init (Ubuntu Artful)	Critical	Won't Fix
1734167	DNS doesn't work in no-cloud as launched by ubuntu	systemd (Ubuntu Artful)	High	Fix Released
1734167	DNS doesn't work in no-cloud as launched by ubuntu	systemd (Ubuntu Bionic)	Critical	Fix Released
1734167	DNS doesn't work in no-cloud as launched by ubuntu	cloud-init (Ubuntu Zesty)	Undecided	Fix Released
1734167	DNS doesn't work in no-cloud as launched by ubuntu	systemd (Ubuntu Zesty)	Undecided	Fix Released

Bug #1734410: systemd: handle undelegated cgroup2 hierarchy

		In	Importance	Status
1734410	systemd: handle undelegated cgroup2 hierarchy	systemd (Ubuntu)	Undecided	Fix Released
1734410	systemd: handle undelegated cgroup2 hierarchy	systemd (Ubuntu Artful)	Undecided	Fix Released
1734410	systemd: handle undelegated cgroup2 hierarchy	systemd (Ubuntu Bionic)	Undecided	Fix Released
1734410	systemd: handle undelegated cgroup2 hierarchy	systemd (Ubuntu Xenial)	Undecided	Invalid
1734410	systemd: handle undelegated cgroup2 hierarchy	systemd (Ubuntu Zesty)	Undecided	Won't Fix

Bug #1734908: systemd-rfkill service times out when a new rfkill device is added

Summary				In	Importance	Status
	1734908	systemd-rfkill service times out when a new rfkill device is added		systemd (Ubuntu)	High	Fix Released
	1734908	systemd-rfkill service times out when a new rfkill device is added		systemd (Ubuntu Artful)	High	Fix Released

Bug #1736955: dep8 test systemd-fsckd fails on s390

		In	Importance	Status
1736955	dep8 test systemd-fsckd fails on s390	systemd (Ubuntu)	Undecided	Fix Released
1736955	dep8 test systemd-fsckd fails on s390	systemd (Ubuntu Artful)	Medium	Fix Released
1736955	dep8 test systemd-fsckd fails on s390	systemd (Ubuntu Zesty)	Undecided	Won't Fix

Bug #1737570: Add support for RequiredForOnline in networkd

		In	Importance	Status
1737570	Add support for RequiredForOnline in networkd	systemd (Ubuntu)	Undecided	Fix Released
1737570	Add support for RequiredForOnline in networkd	systemd (Ubuntu Xenial)	Undecided	Fix Released
1737570	Add support for RequiredForOnline in networkd	systemd (Ubuntu Bionic)	Undecided	Fix Released
1737570	Add support for RequiredForOnline in networkd	systemd (Ubuntu Zesty)	Undecided	Won't Fix
1737570	Add support for RequiredForOnline in networkd	systemd (Ubuntu Artful)	Undecided	Fix Released

Bug #1750608: Fixup ADT tests

Summary				In	Importance	Status
	1750608	Fixup ADT tests		systemd (Ubuntu)	Undecided	Fix Released
	1750608	Fixup ADT tests		systemd (Ubuntu Artful)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
CONFIRM: https://github.com/sys...
SECTRACK: 1039662
BID: 101600
UBUNTU: USN-3558-1