Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerability Discovered In Latest Ubuntu Distributions, Users Advised To Update (ubuntu.com)

Posted by msmash on from the go-update dept.

Celarent Darii writes: There is a vulnerability in the latest ubuntu distributions due to the DNS resolver included in systemd. The inclusion of the dns resolver was lamented by many on the mailing list, not without cause. All are advised to update their distribution.

20 of 159 comments (clear)

  1. Proof that Linux is just as insecure as Windows! by Anonymous Coward · · Score: 2, Funny

    Millions of Windows machines got hit yesterday with NotPetya, so this DNS vulnerability is proof that Linux is just as insecure because millions of Linux machines... didn't.

  2. I'm amazed! by Vlijmen+Fileer · · Score: 3, Funny

    No kidding. Do all of you folks see my amazed look? :/
    B.t.w. does anybody know if systemd already ships its own OS?

    1. Re:I'm amazed! by Type44Q · · Score: 4, Informative

      SystemD's OS is the Intel Management Engine.

    2. Re: I'm amazed! by Anonymous Coward · · Score: 2, Insightful

      Although systemd is developed by a clique of Redhat engineers, Redhat distros themselves are so laughably out of date it's likely we will see them suffer from this vulnerability, just in 5 years time.

  3. Poettering strikes again by guruevi · · Score: 5, Funny

    I think systemd is a Microsoft plant. It's basically INI files for Linux. Next week he'll upgrade us all to a 'central registry' and you'll need a GUI to edit it.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:Poettering strikes again by F.Ultra · · Score: 2

      Because let's pretend that INI files have not been in wide use on Unix for decades?

    2. Re:Poettering strikes again by F.Ultra · · Score: 3, Informative

      Some are yes, other are complex turing complete and others follow the INI style. Look i.e at /etc/openal/alsoft.conf, /etc/subversion/config, /etc/couchdb/local.ini, or why not any of the .desktop files in /usr/share/applications/.

      INI style are not bad just because MS happened to use them a lot in MS-DOS, AFAIK there isn't even anything that points to MS being the inventors of the format, just that they used them system until they came up with their horrid registry.

    3. Re:Poettering strikes again by F.Ultra · · Score: 2

      If AIX would destroy the universe as we know it if there ever was a single INI style file stored on it then it would have done so decades ago.

    4. Re:Poettering strikes again by ssam · · Score: 2

      >what happens when MicroSoft decides to open the lawsuit of the century claiming to be the owners of the INI format and demand retribution? I think they get laughed out of court.

  4. Re: Proof that Linux is just as insecure as Window by Type44Q · · Score: 2

    Windows for life.

  5. Dare I say it? by DontBeAMoran · · Score: 5, Insightful

    Here goes: systemd, the cause of all modern Linux problems.

    systemd is completely backward in how unix systems are built. You're supposed to have tiny programs do one job and do it well. systemd is a huge monolith that's assimilating everything on its path.

    Wait, why does that sound familiar?

    Anyone know if the authors of systemd are getting paid by Microsoft, by any chance?

    --
    #DeleteFacebook
    1. Re:Dare I say it? by Kjella · · Score: 4, Informative

      I'm not saying that systemd is the answer, but... the old init system worked great if all you ever needed was an init system. That is to say your machine got everything plugged in on boot, always on a wired network and always on AC. The only thing you need the init system for was to get you from cold hardware to a running state, then it could declare "my work here is done" and go into retirement until it was time for shutdown. For some people that's all they need, good for you. Anything dynamic has been a mess. Suspend/resume/hibernate, hot-plugging/unplugging, wired/wireless, connected/not connected to network, AC/battery, power management, docked/undocked, switchable graphics, the list goes on and on.

      The track record is not much better when it comes to shared resources like window managers, composited desktops, sound cards etc. that need some kind of mediator like a compositor or sound server. You can of course say that every application should solve this on their own, but the truth is that we know they don't and there's a huge patchwork of solutions that try to make applications play nice, often competing so this application will only work with that system-level service. I can understand that you don't want to support two init systems (SysV, systemd), four sound servers (PulseAudio, ALSA, Jack, OSS), two window managers (X11, Wayland) and so on.

      For this you want a modern POSIX, call it an "application execution environment" if you will. A running mediator between the applications and their surroundings, not just at boot but as long as the machine has power. Maybe this could be solved by a hundred small services of various kinds or at least that's its a better solution than one gigantic mess. But to pretend it's all working great is something of an exaggeration, to say the least.

      --
      Live today, because you never know what tomorrow brings
    2. Re:Dare I say it? by chihowa · · Score: 4, Insightful

      The problem with systemd is the half-assed assimilation of more and more system functions.

      • Why does systemd even have its own DNS resolver?
      • How many people are working on it and reviewing the code for security issues?
      • Why was the whole thing rewritten from scratch instead of just writing a shim for the previously used, reviewed, secure resolvers that exist?

      It's not just DNS resolvers, either. I've had issues with systemd's own (very incomplete) SNTP client, which is used instead of more mature and robust clients. Why do they keep reinventing the wheel in such a sloppy way?

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
  6. For those keeping track... by Gravis+Zero · · Score: 2, Funny

    SystemD has 617 issues open and there is no sign of all issues being resolved this decade.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:For those keeping track... by Gravis+Zero · · Score: 5, Interesting

      That graph is the infant graph of every project

      Sure... except that systemd has been around for seven years. It's not maturing because it's always expanding.

      They need help.

      I agree, they are rudderless boat that runs into other projects and absorbs them. What they need is vision but the project leaders are blind mice in a maze with no finish line. I cannot help them because they will not accept one of their ideas being rejected.

      What are YOU doing to help them? There's 617 things you could be working on.

      I've been writing a properly designed replacement to dislodge systemd. It's portable, superior but most importantly it follows the UNIX design philosophy. However, I will not be an enabler of those who work on systemd by cleaning up their messes for the next 30 years.

      Open source software is evolutionary and systemd too will go the way of the dinosaurs.

      --
      Anons need not reply. Questions end with a question mark.
    2. Re:For those keeping track... by gweihir · · Score: 2

      Why would I try to do something _this_ stupid?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  7. Please, do not use systemd by what+about · · Score: 3, Insightful

    Switch to slackware, devuan, gentoo...

    After all Linux is still a few percentage of desktop, no need to install Debian derivative
    We are competent admin, are we not ?

    Yes, it is painful to see such a great distro being overtaken by such a crap software.

    Live long and prosper

  8. Re:what a horrible dns resolver by aardvarkjoe · · Score: 5, Insightful

    What problem do the systemd guys think that they're solving by adding a half-assed dns resolver to systemd? Is it just because they can't stand to have any software that's not under their direct control?

    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  9. Re:News? by thegarbz · · Score: 2

    A vulnerability is found, update your system. How is that news?

    There's three types of vulnerabilities that make the news here:
    1) Windows vulnerabilities - because Slashdot loves a good laugh.
    2) Linux vulnerabilities - because Slashdot loves freaking out.
    3) Systemd vulnerbilities - because Slashdot loves thinking they were right and systemd is evil.

    This is a 2 out of 3. I suspect by the morning there will be 900 comments and the Slashdot mobile interface will rate this as the story with the most interest and activity, ... errr I mean the most ad revenue.

  10. Yes, News! by thesupraman · · Score: 3, Interesting

    The news is clear, Shill.

    The news here is that systemd, in its usual 'we know better than anyone, even though we have very very little experience' way replaced perfectly functional systems for the most dubious of reasons (usually 'because we want to make them different, and cannot even be bothered raising our reasons with maintainers of existing solutions because then we may need to rationalise what we want'), and went away and implemented a system broken in a way SO foolish that the existing solutions have addressed exactly these issues decades ago.
    Not to mention the fact that they have worked hard to try and make it unavoidable that ALL linux solutions will end up with the problems caused by their basic ignorance by making systemd basically indespensible.

    Clear enough? Or perhaps you think a trivially exploitable and almost indefensible DNS bug, along with a file system wiping bug (the good old rm ../...) are just minor bumps on the road to nirvana?

    Of course the clear and obvious REASON for systemd is a power grab by RedHat to give them control of the Linux 'standard'. It is unfortunate that they cannot see past their own grab at power to see how damaging such an approach is to the robustness of Linux itself -they must turn away, stick their fingers in their ears, and sing 'la la la la, wont happen to us, la la la la' loudly to themselves each time a big windows exploit drops these days.. Because that is the endpoint of the path they are following.