Perry E. Metzger wrote: > Howdy! CVE-2017-9445 is a remotely exploitable bug in systemd. It was > first announced to the public about four or five days ago, not sure > when it would have been announced to the security team. > > Am I correct in interpreting this: > https://security-tracker.debian.org/tracker/CVE-2017-9445 > as meaning a fix to it still isn't in sid, and therefore is not > yet in the process of percolating down to stretch? > > Is there a preferred way of temporarily mitigating the problem? > Remote exploitation that you can trigger by forcing a program to DNS > queries seems kind of bad. > > Perry
I don't think it is that new as I have not done any upgrades recently and I have dpkg -l | grep systemd ii libpam-systemd:amd64 215-17+deb8u7 amd64 system and service manager - PAM module ii libsystemd0:amd64 215-17+deb8u7 amd64 systemd utility library and in the CVE-2017-9445 it says it is fixed in jessie in the above mentioned versions ... so it must be at least few weeks old as I recently updated back then. regards