Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Ubuntu Security Linux

Vulnerability Discovered In Latest Ubuntu Distributions, Users Advised To Update (ubuntu.com) 159

Celarent Darii writes: There is a vulnerability in the latest ubuntu distributions due to the DNS resolver included in systemd. The inclusion of the dns resolver was lamented by many on the mailing list, not without cause. All are advised to update their distribution.
This discussion has been archived. No new comments can be posted.

Vulnerability Discovered In Latest Ubuntu Distributions, Users Advised To Update

Comments Filter:
  • by Anonymous Coward
    Millions of Windows machines got hit yesterday with NotPetya, so this DNS vulnerability is proof that Linux is just as insecure because millions of Linux machines... didn't.
    • Finally, the proof! When we arrest Linus, should it be the death sentence or just prison for life?

    • The problem isn't with Linux, it's with systemd. I do use a distro that unfortunately uses systemd. I was actually surprised at how fast systemd infected so many distributions when so many people seemed to complain about it. There seemed to be a lot of arguments over at Debian, so much that a group of those involved left to create a fork of Debian. I haven't had any problems with it yet, but I am wary of it, and how it goes against what Linux is.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      interestingly enough, everyone who argued against systemd has been validated. Systemd is a cancer and should be irradicated from all distributions. Systemd is an active effort to fuck over Linux to be more like Windows. As systemd continues to be used, Linux continues to become as broken, dysfunctional, and unsecure as Windows.

      Only the dumb of the dumb actually champion systemd.

  • by Anonymous Coward

    I had nothing but issues and uninstalled it and went back to dnsmasq... not a problem since. I wish they would just quit throwing the kitchen, bathroom, outside sinks into this mess.

    • by aardvarkjoe ( 156801 ) on Wednesday June 28, 2017 @02:41PM (#54706435)

      What problem do the systemd guys think that they're solving by adding a half-assed dns resolver to systemd? Is it just because they can't stand to have any software that's not under their direct control?

      • by ordinal ( 110255 )

        Really half assed - I changed to dnsmasq then changed distro because of the mess DNS is in 17.04 - worst Ubuntu release since switching from Redhat to Ubuntu about 10 years ago and all down to this single issue (and tbh one of the worst issues of breakage of something that previously worked I've seen in nearly 25 years of linux experience).

        Changing one of the most critical subsystems seems to have been done with little testing (esp home use not with corporate dns) and lack of attention to bug reports during

      • by gweihir ( 88907 )

        I believe it is that they have by now gotten away with so many bad decisions, crappy design and broken implementation, that they think they cannot be touched. Considering the extreme stupidity evident in the adoption of systemd as main init system in many distros, they have a point.

        • "I believe it is that they have by now gotten away with so many bad decisions"

          Such as embedding the Google DNS addresses into the make file of the SystemD compile script - yea really. Have these people any idea of the security implications of embedding a fixed IP address into the DNS resolver. For instance disabling the local DNS server, blocking 8.8.8.8 and firing up your own box at 8.8.8.8. What F*****G genius thought of this particular hack. "This setting is hence only used if no other DNS server info
  • I'm amazed! (Score:3, Funny)

    by Vlijmen Fileer ( 120268 ) on Wednesday June 28, 2017 @01:06PM (#54705659)

    No kidding. Do all of you folks see my amazed look? :/
    B.t.w. does anybody know if systemd already ships its own OS?

  • by guruevi ( 827432 ) <eviNO@SPAMevcircuits.com> on Wednesday June 28, 2017 @01:10PM (#54705697) Homepage

    I think systemd is a Microsoft plant. It's basically INI files for Linux. Next week he'll upgrade us all to a 'central registry' and you'll need a GUI to edit it.

    • Because let's pretend that INI files have not been in wide use on Unix for decades?
  • Too many people lie to hurt Linux because they're corporate shill or just simply hate freedom. The newest version of systemd that we make available for 14.40 is 229-4ubuntu17. This idiot lies and claims that 231-9ubuntu5 fixes the problem. That version does not exist. The attacks from people like Oracle and Microsoft are getting more desperate. Their constant spew of hate must be working because they're investing more money in paying these people to spew more lies.

  • by Anonymous Coward

    PulseAudio is a flaky disaster as is the developer behind it. But systemd is scaled up full retard. Who, in their right mind, thinks, "Gee, I should plop my own homegrown DNS resolver into my system service startup tool. Nothing could go wrong with that." Let's forget that BIND went through many painful years of vulnerability management.

    • by Anonymous Coward

      Meh. I know you're trolling, but I'm bored and feel like rambling.

      I'd avoided PulseAudio for the longest time. I had like over a second of lag for anything I played through it. Nothing I could do to fix it. That was back when we had to use something because OSS would only let one process play sound at a time (unless your card had multiple DSPs) and for most of us that was aRts or ESD. Then ALSA came along with dmix and all was good.

      (I've also used JACK, mostly as an effects box for guitar, but if you j

    • by gweihir ( 88907 )

      Incompetence coupled with extreme arrogance. The same old story all over again, although the morons that decided that systemd is ready for mainstream usage are the truly "special" ones here. There are a lot of incompetent coders out there and the Poettering-cabal was _known_ to be incompetent before, but instead of simply ignoring this broken mess and the cretins behind it, they had to make it the default init-system and apparently now default everything else.

  • by Anonymous Coward

    Systemd is just a piece of crap. It's slow, bloated, broken, and a security hole waiting to be exploited. I propose that all linux distros revert back to init.d and dispose of this garbage code at a microsoft coding camp.

  • Dare I say it? (Score:5, Insightful)

    by DontBeAMoran ( 4843879 ) on Wednesday June 28, 2017 @01:38PM (#54705919)

    Here goes: systemd, the cause of all modern Linux problems.

    systemd is completely backward in how unix systems are built. You're supposed to have tiny programs do one job and do it well. systemd is a huge monolith that's assimilating everything on its path.

    Wait, why does that sound familiar?

    Anyone know if the authors of systemd are getting paid by Microsoft, by any chance?

    • by Anonymous Coward

      The grand irony here is at the same time MS is going in the opposite direction. Many things in Windows are now being handled by " tiny programs do one job and do it well".

      Reconfiguring Windows Server via the fancy GUI? It is quite literally a front-end to a bunch of Powershell commands, I shit you not.

    • Re:Dare I say it? (Score:5, Informative)

      by Kjella ( 173770 ) on Wednesday June 28, 2017 @02:56PM (#54706567) Homepage

      I'm not saying that systemd is the answer, but... the old init system worked great if all you ever needed was an init system. That is to say your machine got everything plugged in on boot, always on a wired network and always on AC. The only thing you need the init system for was to get you from cold hardware to a running state, then it could declare "my work here is done" and go into retirement until it was time for shutdown. For some people that's all they need, good for you. Anything dynamic has been a mess. Suspend/resume/hibernate, hot-plugging/unplugging, wired/wireless, connected/not connected to network, AC/battery, power management, docked/undocked, switchable graphics, the list goes on and on.

      The track record is not much better when it comes to shared resources like window managers, composited desktops, sound cards etc. that need some kind of mediator like a compositor or sound server. You can of course say that every application should solve this on their own, but the truth is that we know they don't and there's a huge patchwork of solutions that try to make applications play nice, often competing so this application will only work with that system-level service. I can understand that you don't want to support two init systems (SysV, systemd), four sound servers (PulseAudio, ALSA, Jack, OSS), two window managers (X11, Wayland) and so on.

      For this you want a modern POSIX, call it an "application execution environment" if you will. A running mediator between the applications and their surroundings, not just at boot but as long as the machine has power. Maybe this could be solved by a hundred small services of various kinds or at least that's its a better solution than one gigantic mess. But to pretend it's all working great is something of an exaggeration, to say the least.

      • Re:Dare I say it? (Score:5, Insightful)

        by chihowa ( 366380 ) on Wednesday June 28, 2017 @04:01PM (#54707101)

        The problem with systemd is the half-assed assimilation of more and more system functions.

        • Why does systemd even have its own DNS resolver?
        • How many people are working on it and reviewing the code for security issues?
        • Why was the whole thing rewritten from scratch instead of just writing a shim for the previously used, reviewed, secure resolvers that exist?

        It's not just DNS resolvers, either. I've had issues with systemd's own (very incomplete) SNTP client, which is used instead of more mature and robust clients. Why do they keep reinventing the wheel in such a sloppy way?

      • I'm not saying that systemd is the answer, but... the old init system worked great if all you ever needed was an init system. That is to say your machine got everything plugged in on boot, always on a wired network and always on AC. The only thing you need the init system for was to get you from cold hardware to a running state, then it could declare "my work here is done" and go into retirement until it was time for shutdown. For some people that's all they need, good for you. Anything dynamic has been a mess. Suspend/resume/hibernate, hot-plugging/unplugging, wired/wireless, connected/not connected to network, AC/battery, power management, docked/undocked, switchable graphics, the list goes on and on.

        I don't need all of that.

        When I want a working implementation of that, I just buy a MacBook and run macOS.

        Or run Windows, which also exists.

        I just need a server that doesn't shit itself between patch-runs, reboots and that doesn't f' up things that worked quite well for a decade (and continue to work quite well on OSs that didn't let an amateur design such a thing (which incidentally is also how Mac OS X got it right: they got people from NeXT and the guy who co-founded the FreeBSD project to head their Uni

      • by epine ( 68316 )

        Your entire post is a paean for a two-track solution: a sane, modular solution for servers (already extant), and a convenience solution for mobile devices (if under "convenience" one accepts that some, or many, or most reboots might not be optional).

        Slashdot is precisely that forum which caters first of all to the former group.

        In 1999, the Japanese firm NTT DoCoMo released the first smartphones to achieve mass adoption within a country. Smartphones became widespread in the late 2000s.

        Yeah? Slashdot was fou

    • You're supposed to have tiny programs do one job and do it well.

      emacs would like to have a word with you.

  • Some time ago I upgraded from 14.04 LTS to 16.04 LTS. Along the way I got some great new features, including:
    • A new version of CUPS that randomly crashes without warning or logging
    • A power management system that locks configuration files pertaining to my display settings whenever I put my laptop to sleep
    • Random obliteration of my .bash_history file

    What else can I look forward to if I download this update?

    • Re: (Score:1, Troll)

      by thegarbz ( 1787294 )

      Going for funny but lacking the insightful part. Systemd is still massively growing in use meaning the number of people available to discover issues is ever increasing as will the infant bugs. It is not yet "mature" and probably the biggest valid complaint is how many distros shipped it so early.

      That graph is the infant graph of every project. The only things that are different is the scales, but then unless you've worked on a massive multi-year piece of software you wouldn't recognise it.

      They need help.
      Wha

      • by Gravis Zero ( 934156 ) on Wednesday June 28, 2017 @05:53PM (#54708139)

        That graph is the infant graph of every project

        Sure... except that systemd has been around for seven years. It's not maturing because it's always expanding.

        They need help.

        I agree, they are rudderless boat that runs into other projects and absorbs them. What they need is vision but the project leaders are blind mice in a maze with no finish line. I cannot help them because they will not accept one of their ideas being rejected.

        What are YOU doing to help them? There's 617 things you could be working on.

        I've been writing a properly designed replacement to dislodge systemd. It's portable, superior but most importantly it follows the UNIX design philosophy. However, I will not be an enabler of those who work on systemd by cleaning up their messes for the next 30 years.

        Open source software is evolutionary and systemd too will go the way of the dinosaurs.

        • by gweihir ( 88907 )

          That graph is the infant graph of every project

          Sure... except that systemd has been around for seven years. It's not maturing because it's always expanding.

          And that is just it: They are making one of the worst beginners mistakes. And that they are still beginners after 7 years shows that there is something fundamentally wrong with them. The usual explanation is incompetence coupled with arrogance, and it does seem to fit well here. The incompetence makes them beginners and the arrogance prevents them from learning. In addition, they are also uneducated, as Brooks described the things they are doing wrong about 40 years ago.

          • And that they are still beginners after 7 years shows that there is something fundamentally wrong with them.

            Why don't you try and code a fundamental part of an OS that is attempting to manage every other part of the OS, then we'll see how long you take.

        • by CRC'99 ( 96526 )

          That graph is the infant graph of every project

          Sure... except that systemd has been around for seven years. It's not maturing because it's always expanding.

          They even made a game about systemd:

          http://agar.io/ [agar.io]

        • Sure... except that systemd has been around for seven years.

          And it has been in wide circulation for less than 3. I see you've never worked on a major piece of software before.

      • by gweihir ( 88907 )

        I will certainly not help a project that was fundamentally broken from the start, because its main developers are known incompetents with bad personalities that do not understand the Unix-philosophy at all. If I want to run something made by clueless morons, I just boot Windows, no need to replicate the same lack of understanding on Linux.

        • Yeah. It's fundamentally broken, that's exactly why the technical committees of all major distributions have adopted it. It's just as fundamentally broken as Windows, the OS that runs the entire world.

          Yep they've totally done goofed. How silly of them.

          p.s. You're an idiot.

          • by gweihir ( 88907 )

            I do not even need to comment on this. You made it amply clear who the idiot here actually is.

    • by gweihir ( 88907 )

      We have the most issues! Other projects cannot compete, so sad.

  • When I read the story, I immediately thought "Half the comments will be about Petya, the other half will lament how systemd is the spawn of hell".

    I was not disappointed.

  • News? (Score:1, Insightful)

    by sqorbit ( 3387991 )
    A vulnerability is found, update your system. How is that news? That should just be common practice. When security updates are released for your OS, update it. This is not news. Vulnerabilities are found often in all OSes. And updates are released. Seems to me like the article is attempting to call out Ubuntu rather that actually inform and educate.
    • by Anonymous Coward

      It's news because it's a vulnerability in a systemd component and Slashdot loves a good systemd story.

    • A vulnerability is found, update your system. How is that news?

      There's three types of vulnerabilities that make the news here:
      1) Windows vulnerabilities - because Slashdot loves a good laugh.
      2) Linux vulnerabilities - because Slashdot loves freaking out.
      3) Systemd vulnerbilities - because Slashdot loves thinking they were right and systemd is evil.

      This is a 2 out of 3. I suspect by the morning there will be 900 comments and the Slashdot mobile interface will rate this as the story with the most interest and activity, ... errr I mean the most ad revenue.

      • the story with the most interest and activity, ... errr I mean the most ad revenue.

        Beat me to it. Systemd articles generate page views. We know this, yet here we are, contributing to the dumpster fire.

    • Yes, News! (Score:4, Interesting)

      by thesupraman ( 179040 ) on Wednesday June 28, 2017 @08:34PM (#54709081)

      The news is clear, Shill.

      The news here is that systemd, in its usual 'we know better than anyone, even though we have very very little experience' way replaced perfectly functional systems for the most dubious of reasons (usually 'because we want to make them different, and cannot even be bothered raising our reasons with maintainers of existing solutions because then we may need to rationalise what we want'), and went away and implemented a system broken in a way SO foolish that the existing solutions have addressed exactly these issues decades ago.
      Not to mention the fact that they have worked hard to try and make it unavoidable that ALL linux solutions will end up with the problems caused by their basic ignorance by making systemd basically indespensible.

      Clear enough? Or perhaps you think a trivially exploitable and almost indefensible DNS bug, along with a file system wiping bug (the good old rm ../...) are just minor bumps on the road to nirvana?

      Of course the clear and obvious REASON for systemd is a power grab by RedHat to give them control of the Linux 'standard'. It is unfortunate that they cannot see past their own grab at power to see how damaging such an approach is to the robustness of Linux itself -they must turn away, stick their fingers in their ears, and sing 'la la la la, wont happen to us, la la la la' loudly to themselves each time a big windows exploit drops these days.. Because that is the endpoint of the path they are following.

  • I had already swapped systemd-resolved for dnsmasq because that works.
  • Fed up with systemd, Linus switched his home machine to freebsd last year.
  • by what about ( 730877 ) on Wednesday June 28, 2017 @02:27PM (#54706339) Homepage

    Switch to slackware, devuan, gentoo...

    After all Linux is still a few percentage of desktop, no need to install Debian derivative
    We are competent admin, are we not ?

    Yes, it is painful to see such a great distro being overtaken by such a crap software.

    Live long and prosper

    • by Anonymous Coward

      > Switch to slackware, devuan, [...] no need to install Debian derivative
      You do realise that Devuan is advertised as systemd-free Debian, right?

  • Finally, we may be seeing the year of the Linux Desktop... ...Malware.

  • Whenever I see one of these vulnerability notices, I always go to to check/update my system, and I always find that my system has installed the fix itself, automatically. Honestly, it's really quite impressive. Nothing like the proprietary worlds. Thanks, Ubuntu, Debian, and the systemd teams!

  • Shitstemd apologists are too stupid to understand that by reinventing all these wheels also means reinventing all the bugs that have been long encountered and fixed in mature and stable code that shitstemd the project wants to reinvent.

    It doesn't matter if resolved is not part of the init, or not part of PID 1. It's part of the project and idiot maintainers are including it because they have zero clue about the software they're maintaining. They opted for systemd because unit files are easier to maintain th

  • If so, those guys introduced a bug into a working package.
    If not, those guy introduced a buggy package in a working environment.
    Blame those guys!

  • There's all this whining about systemd and comparing it to Microsoft but comparing Redhat to Microsoft seems more appropriate, no?

    • by JustNiz ( 692889 )

      When I think of Microsoft I think giant anti-competitive sneaky dirty tricks, such as embrace and extend, a.k.a make a new friend, stab him in the back, move into his house, and sleep with his wife.

      I'm not seeing anything on the scale of MS's standard playbook going on anywhere in the Linux world.

  • Talk about a "nothing burger" ... this is one!

    The fix? Merely a standard "sudo apt upgrade & sudo apt full-upgrade", something most users of Ubuntu & its derivatives do with automatic updates.

  • Just be aware that if you're running a LTS [ubuntu.com] version of Ubuntu, it doesn't have this vulnerability.
    As per the linked article, this issue affects Ubuntu 17.04 & Ubuntu 16.10. The most recent LTS release [ubuntu.com] is 16.04

  • Somebody explain to me please, how come that Lennart from RedHat _Desktop_ team, rules over everything?! I just don't get it.

Adding features does not necessarily increase functionality -- it just makes the manuals thicker.

Working...