Vulnerability CVE-2023-7008: Information
Description
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
systemd | p10 | 249.17-alt1 | 249.17-alt2 | ALT-PU-2024-1263-2 | 338475 | Fixed |
systemd | c10f1 | 249.17-alt2 | 249.17-alt2 | ALT-PU-2024-6023-2 | 344501 | Fixed |