Vulnerability Discovered In Latest Ubuntu Distributions, Users Advised To Update (ubuntu.com)
Celarent Darii writes: There is a vulnerability in the latest Ubuntu distributions due to the DNS resolver included in systemd. The inclusion of the DNS resolver was lamented by many on the mailing list, not without cause. All are advised to update their distribution.
Millions of Windows machines got hit yesterday with NotPetya, so this DNS vulnerability is proof that Linux is just as insecure because millions of Linux machines... didn't.
I had nothing but issues and uninstalled it and went back to dnsmasq... not a problem since. I wish they would just quit throwing the kitchen, bathroom, outside sinks into this mess.
No kidding. Do all of you folks see my amazed look? :/
B.t.w. does anybody know if systemd already ships its own OS?
Finally, the proof! When we arrest Linus, should it be the death sentence or just prison for life?
I think systemd is a Microsoft plant. It's basically INI files for Linux. Next week he'll upgrade us all to a 'central registry' and you'll need a GUI to edit it.
This is why Windows 10 is superior to lunix.
*smug and cruel laughter*
HahahahheeeeehheeeehawwwHHEEEEEEHAWWWWHEEEEEEHAWWWW
Suggest Windows 8 or Windows 10 for maximum support
Windows for life.
SystemD is a computer virus
So the fact that Linux machines didn't get hit by an attack crafted specifically for Windows proves "Linux is more secure"? I hope to god you aren't a sysadmin, you are worse than the unpatched Windows servers in my network. At least I fully understand the risk associated with those boxes and I'm not living in a fantasy world of "Linux is more secure".
It's as secure as its admin, and clearly from here and many Linux forums, most of the admins are too busy smelling their own farts to be bothered with actual security.
But,.... this is ubuntu, who the fuck cares about ubuntu? desktop users.
Prison where he can become Jamal's girlfriend like the good little beta he is.
Too many people lie to hurt Linux because they're corporate shills or just simply hate freedom. The newest version of systemd that we make available for 14.40 is 229-4ubuntu17. This idiot lies and claims that 231-9ubuntu5 fixes the problem. That version does not exist. The attacks from people like Oracle and Microsoft are getting more desperate. Their constant spew of hate must be working because they're investing more money in paying these people to spew more lies.
I love how this post doesn't make the slightest attempt at summarizing the story and consists solely of blatant (and erroneous) editorializing. Somehow, a piece of software containing a vulnerability is now proof that it's terrible and irredeemable. The fact that the vulnerability is not given even the briefest of descriptions in this summary demonstrates this post is about scoring political points and literally nothing more.
"All are advised to update their distribution." This is what package managers are for. Stop with the disingenuous suggestion that some special action must be taken.
PulseAudio is a flaky disaster as is the developer behind it. But systemd is scaled up full retard. Who, in their right mind, thinks, "Gee, I should plop my own homegrown DNS resolver into my system service startup tool. Nothing could go wrong with that." Let's forget that BIND went through many painful years of vulnerability management.
Systemd is just a piece of crap. It's slow, bloated, broken, and a security hole waiting to be exploited. I propose that all linux distros revert back to init.d and dispose of this garbage code at a microsoft coding camp.
and the people who are smart and only run LTS releases were not affected...
Here goes: systemd, the cause of all modern Linux problems.
systemd is completely backward in how unix systems are built. You're supposed to have tiny programs do one job and do it well. systemd is a huge monolith that's assimilating everything on its path.
Wait, why does that sound familiar?
Anyone know if the authors of systemd are getting paid by Microsoft, by any chance?
#DeleteFacebook
What else can I look forward to if I download this update?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Comments in this post are part of a huge circle-jerk, few sane aside.
Guess again. Ubuntu is the most popular Linux server distro.
http://www.serverwatch.com/col...
Won't get that past the 8th amendment.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
SystemD has 617 issues open and there is no sign of all issues being resolved this decade.
Anons need not reply. Questions end with a question mark.
fuck beta
When I read the story, I immediately thought "Half the comments will be about Petya, the other half will lament how systemd is the spawn of hell".
I was not disappointed.
Who better to write a major security problem, if not Captain Clueless?
The problem isn't with Linux, it's with systemd. I do use a distro that unfortunately uses systemd. I was actually surprised at how fast systemd infected so many distributions when so many people seemed to complain about it. There seemed to be a lot of arguments over at Debian, so much that a group of those involved left to create a fork of Debian. I haven't had any problems with it yet, but I am wary of it, and how it goes against what Linux is.
A vulnerability is found, update your system. How is that news? That should just be common practice. When security updates are released for your OS, update it. This is not news. Vulnerabilities are found often in all OSes. And updates are released. Seems to me like the article is attempting to call out Ubuntu rather than actually inform and educate.
Sent from my TARDIS
I had already swapped systemd-resolved for dnsmasq because that works.
Ceci n'est pas une
the paradigm of the age is "we don't care what the users/customers/voters think, we're doing it anyway".
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
This bug affects 17.04 and 16.10, nothing critical should be running on non LTS releases anyway.
This is what you get for running that horribly insecure Linux operating system!
Fed up with systemd, Linus switched his home machine to freebsd last year.
Switch to slackware, devuan, gentoo...
After all Linux is still a few percentage of desktop, no need to install Debian derivative
We are competent admins, are we not?
Yes, it is painful to see such a great distro being overtaken by such a crap software.
Live long and prosper
See subject: "Shouting it out from the rooftops", 'spreading the GOOD word' for those who *may* not hear it otherwise = GOOD idea!
APK
P.S.=> They're doing the RIGHT thing, by everyone, really (imo @ least) - & me, though I used to do it (the REAL reason I used to come here initially, not for a "MS cheering section" (which I admittedly favor, it's made me a career/life), but rather to SEE HOW THE OTHER 1/2 LIVES & to conquer their 'objections' via facts (especially when BS) - I already KNOW a lot of what MS spouts after all or what they do, good or bad (all relative) - I wanted to see what goes on on a "Pro-*NIX" site & imo? /. 'fits the bill' - very informative. Got me to try Linux again after, oh (1994 1st time, it sucked) 16++ yrs., & while in Europe travelling, I ran it on a laptop for the summer (it's VERY good now, no reason to rib on it - well, I will rib on outright CRAP from its 'troll supporters' to this day though)... apk
interestingly enough, everyone who argued against systemd has been validated. Systemd is a cancer and should be irradicated from all distributions. Systemd is an active effort to fuck over Linux to be more like Windows. As systemd continues to be used, Linux continues to become as broken, dysfunctional, and unsecure as Windows.
Only the dumb of the dumb actually champion systemd.
Finally, we may be seeing the year of the Linux Desktop... ...Malware.
"That's the way to do it" - Punch
and you didn't use it in your everyday vocabulary until your friends at fox news mind controlled you to use it.
now you're just a parrot repeater thinking calling someone a beta cuck doesn't make you look like a parrot repeater
parrot repeater
Wait, I thought that you alt-righters were all about LGBT equality. I was getting ready to hate Muslims because of the Pulse nightclub shooting.
Why would it be shameful to be Jamal's girlfriend?
Whenever I see one of these vulnerability notices, I always go to check/update my system, and I always find that my system has installed the fix itself, automatically. Honestly, it's really quite impressive. Nothing like the proprietary worlds. Thanks, Ubuntu, Debian, and the systemd teams!
The reference was not about INI files; it was about the AIX binary database of system and device configuration info known as ODM http://aix4admins.blogspot.com/2011/08/odm-object-data-manager-it-is-database.html?m=1.
The joke is about what happens when you cross two binary system databases on the same UNIX...
Shitstemd apologists are too stupid to understand that by reinventing all these wheels also means reinventing all the bugs that have been long encountered and fixed in mature and stable code that shitstemd the project wants to reinvent.
It doesn't matter if resolved is not part of the init, or not part of PID 1. It's part of the project and idiot maintainers are including it because they have zero clue about the software they're maintaining. They opted for systemd because unit files are easier to maintain than shell scripts. Fine. Then use JUST the init.
Why the fuck do you have to include everything else, Ubuntu maintainers? What was so damn wrong with all the tried and tested resolving functions that you had to replace it with this steaming turd written by windows noobs who had no money to get into development for Windows, so they opted to take this mentality into Linux.
You idiots think that the "systemd drama" has settled? Think twice. The crapfest and trainwreck has merely STARTED. Next: CVE of epic proportions that owned the entire systemd/linux ecosystem, brought down milions of webservers and ground the Internet to a halt.
Stallman? When you're done eating your toe jam, perhaps you could chime in and defend the GNUserland which is fading away.
- When the description says "systemd-resolved is not used by default in Xenial", does that mean that most people need not worry after all?
- When only Ubuntu is mentioned, does that mean it's not an issue in upstream Debian, or it just hasn't been confirmed there yet?
FYI: This only affects 16.10 and 17.04, so everyone running 16.04.2 LTS is not affected.
p.s. But if you're on 16.04.2, then you better update today anyway because today's patches include a fix for CVE-2017-1000364 (jumping the stack guard page).
Ubuntu is also one out of thousands of Linux distros to choose from. Could just use a non systemd distro.
and should be irradicated from all distributions.
Zapped with radiation?
Yes, it's only used by little nothings like Amazon, Google, Wikipedia, etc.
If so, those guys introduced a bug into a working package.
If not, those guys introduced a buggy package in a working environment.
Blame those guys!
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
And they don't just update willy-nilly to the latest distro. You update too quickly, you know you're really a canary in a cage. So the "solution" is to update again? I'd roll back to the previous version of whatever you were using and wait a bit.
But hey, useful fools and all that ...
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
There's all this whining about systemd and comparing it to Microsoft but comparing Redhat to Microsoft seems more appropriate, no?
Dude, Linus has nothing to do with SystemD, but if you could find enough dirt on Pottering to get him in the slammer you'd probably get a medal of some sort.
Yes, I have been validated!!!
I told y'all muthafuckas this would happen.
#FuckSystemd
The news is clear, Shill.
The news here is that systemd, in its usual 'we know better than anyone, even though we have very very little experience' way replaced perfectly functional systems for the most dubious of reasons (usually 'because we want to make them different, and cannot even be bothered raising our reasons with maintainers of existing solutions because then we may need to rationalise what we want'), and went away and implemented a system broken in a way SO foolish that the existing solutions have addressed exactly these issues decades ago.
Not to mention the fact that they have worked hard to try and make it unavoidable that ALL Linux solutions will end up with the problems caused by their basic ignorance by making systemd basically indispensable.
Clear enough? Or perhaps you think a trivially exploitable and almost indefensible DNS bug, along with a file system wiping bug (the good old rm ../...) are just minor bumps on the road to nirvana?
Of course the clear and obvious REASON for systemd is a power grab by RedHat to give them control of the Linux 'standard'. It is unfortunate that they cannot see past their own grab at power to see how damaging such an approach is to the robustness of Linux itself - they must turn away, stick their fingers in their ears, and sing 'la la la la, won't happen to us, la la la la' loudly to themselves each time a big Windows exploit drops these days. Because that is the endpoint of the path they are following.
Talk about a "nothing burger" ... this is one!
The fix? Merely a standard "sudo apt upgrade & sudo apt full-upgrade", something most users of Ubuntu & its derivatives do with automatic updates.
Running with Linux for over 20 years!
Systemd is an unaudited piece of code which has everything but kernel access, and even listens on the network. It is no wonder that a remote root exploit hasn't been found yet. With the "you use systemd on your job, or you won't have a job", it has become widespread, but because there is no separation of tasks (hint: the guys who made sendmail learned about this the hard way in the mid-1990s when there was a root escalation issue every other day for a while). Just one blob of code, with nothing to show any security methodology or testing behind it.
It is actually astonishing that Linux hasn't gotten hit big time by this. Systemd may be by some great politicians who get their way in the Linux scene, but the people systematically looking for any holes to be exploited are well-paid by governments and other well-heeled organizations.
systemd could be a M$ implant to destroy Linux.
systemd should be eradicated from all distros or just made optional at install time and not buried deep down like IE in Windows, where uninstalling it would destroy the OS.
Just be aware that if you're running a LTS version of Ubuntu, it doesn't have this vulnerability.
As per the linked article, this issue affects Ubuntu 17.04 & Ubuntu 16.10. The most recent LTS release is 16.04
Hosssssssst filessssss.... My precioussssssssss...
I'll commission a statue
Somebody explain to me please, how come that Lennart from RedHat _Desktop_ team, rules over everything?! I just don't get it.
It does too many things. Not one thing, and well, but lots of things. Just asking for it.
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've tried his hosts file generating software. It works by bmo
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
APK your posts on this and the hosts file posts, and more, have never been in error and/or bad advice by BlueStrat
* My code's recommended & hosted by Malwarebytes' hpHosts!
APK
P.S.=> You're also VASTLY outnumbered by /.ers UNIDENTIFIABLE "ne'er-do-well" (want more like those above? Ask)... apk
Go use Windows why posting here
See subject: "There's NO TIME LEFT 4U - on my way to BETTER THINGS (I found myself some wings)" https://www.youtube.com/watch?v=D-VUnAuysMM/
* Sorry...
APK
P.S.=> Grow up... apk
Seriously
The man had the hot mess that is PulseAudio on his hands, and not only did he not fix that, he grew megalomaniacal and tried to move up the food chain. Wouldn't good stewardship of a fairly core Linux audio stack be a prerequisite to trying to take over init?
There seemed to be a lot of arguments over at Debian, so much that a group of those involved left to create a fork of Debian.
That's wrong. Devuan was started by people not involved in Debian after a well-known internet troll trolled them into doing so :)
The self-proclaimed "Veteran" "Unix" "Admins" (aka art students and anti-vaxxers) still have little idea how Debian works and thus took an eternity to release something that just changed the default init. It will get more amusing when they start to discover what managing a distribution actually involves as their infrastructure isn't designed to handle it.