Arch Linux Security Advisory ASA-201707-5 ========================================= Severity: Medium Date : 2017-07-04 CVE-ID : CVE-2017-9217 Package : systemd Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-337 Summary ======= The package systemd before version 233-7 is vulnerable to denial of service. Resolution ========== Upgrade to 233-7. # pacman -Syu "systemd>=233-7" The problem has been fixed upstream in version 233. Workaround ========== None. Description =========== A security issue has been found in systemd-resolved, allowing a remote attacker to cause a denial of service (daemon crash via NULL-pointer dereference) via a crafted DNS response with an empty question section. Impact ====== A remote attacker can cause a denial of service via a crafted DNS response. References ========== https://github.com/systemd/systemd/commit/262d95fecd357343887709006188f690cfe040a9 https://github.com/systemd/systemd/pull/6020 https://security.archlinux.org/CVE-2017-9217