We manually enable systemd-resolved.service on xenial. It's installed though it is not the default. Does that mean we are not going to get the fix for this?
I'm also not an expert on NSEC/DNSSEC. Is this something that any random app that uses DNS can be vulnerable too, or does it require a program to specifically be trying to invoke DNSSEC somehow? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1725351 Title: Systemd - Remote DOS of systemd-resolve service Status in systemd package in Ubuntu: In Progress Status in systemd source package in Zesty: Fix Released Status in systemd source package in Artful: Fix Released Status in systemd source package in Bionic: In Progress Bug description: Hello, We would like to report a vulnerability about systemd which allows to DOS the systemd-resolve service. The vulnerability is described in the attached PDF file. Sincerely, Thomas IMBERT Sogeti ESEC R&D To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
