Issues just keep piling up:
https://www.ubuntu.com/usn/usn-3341-1/
Summary
systemd-resolved could be made to crash or run programs if it received a
specially crafted DNS response.
Details
An out-of-bounds write was discovered in systemd-resolved when handling
specially crafted DNS responses. A remote attacker could potentially
exploit this to cause a denial of service (daemon crash) or execute
arbitrary code. (CVE-2017-9445)
Maybe it's me, but what the hell is a DNS resolver doing inside an init
system?