Microsoft Azure customers running Canonical’s Ubuntu 18.04 (aka Bionic Beaver) in the cloud have seen their applications fail after a flawed systemd security update broke DNS queries.
The situation is as strange as it sounds: if you’re running Ubuntu 18.04 in an Azure virtual machine and have the systemd 237-3ubuntu10.54 security update installed, you’ve probably found that you can’t use DNS inside the VM, which means applications and other software that rely on domain name lookups no longer function properly.
“Starting at around 06:00 UTC on August 30, 2022, some customers running Ubuntu 18.04 (bionic) VMs that were recently upgraded to systemd version 237-3ubuntu10.54 were reporting DNS errors when attempting to access their resources,” an update on the Microsoft Azure status page said Tuesday.
Although the problem is limited to this one version of Ubuntu Linux, it has still proven to be a showstopper for those affected.
One post on an Ubuntu forum, under the name Luciano Santos de Silva, read: “Hey guys, nothing is working. My application has been out since early this morning. We’ve already tried restarting the nodes, restarting the VM, but nothing has worked and we don’t have an update from Microsoft. Four hours ago they said: ‘More information will be provided within 60 minutes as we anticipate learning more about root cause and mitigation workflows.’”
Others report that the problematic update has affected Azure Kubernetes Service (AKS) clusters. And things don’t seem to be going well based on the Azure dashboard, which is currently populated with alert icons for disruptions around the world for multiple cloud services.
The Ubuntu update issue was reflected on downdetector.com’s Azure page, which is currently showing increased reports of problems.
According to Microsoft, Azure Government and Azure China customers are also affected by the systemd snafu. The Windows giant recommends that users of Ubuntu 18.04 disable automatic security updates for the time being. Gulp.
The Microsoft Azure status page was last updated just after 1500 UTC. It expects its next update at 2100 UTC, “or when events warrant.”
The systemd patch is necessary. It addresses CVE-2022-2526, a use-after-free vulnerability that could be exploited to cause a crash or execute arbitrary code on a vulnerable box.
“This problem occurs because the on_stream_io() and dns_stream_complete() functions in ‘resolved-dns-stream.c’ don’t increment the reference count for the DnsStream object,” explains a bug report from Red Hat. “As a result, other called functions and callbacks may dereference the DNSStream object, causing post-release use if the reference is still used later.”
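A toy model of the pattern the bug report describes: a handler that runs a callback without holding its own reference, next to one that takes a reference first. This is an added example, not systemd code; the Stream type and every function name are hypothetical, and the callback releasing the owner's only reference is an assumption made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy model (constructed): not systemd's DnsStream; all names are hypothetical. */
typedef struct Stream Stream;
struct Stream {
    unsigned n_ref;               /* reference count */
    int *alive;                   /* caller-owned flag, cleared when freed */
    void (*complete)(Stream *s);  /* completion callback */
    int bytes_seen;
};
static Stream *stream_new(int *alive, void (*cb)(Stream *)) {
    Stream *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->n_ref = 1; s->alive = alive; s->complete = cb;
    *alive = 1;
    return s;
}
static void stream_ref(Stream *s) { s->n_ref++; }
static void stream_unref(Stream *s) {
    if (--s->n_ref == 0) { *s->alive = 0; free(s); }
}
/* Assumption: the callback releases the owner's (only) reference. */
static void drop_owner_ref(Stream *s) { stream_unref(s); }

/* No reference held across the callback. Returns 0 when s was freed under the handler. */
static int on_io_unguarded(Stream *s) {
    int *alive = s->alive;        /* read before the callback can free s */
    s->complete(s);
    return *alive;                /* s itself is deliberately not touched */
}

/* Reference held across the callback: s stays valid until our own unref. */
static int on_io_guarded(Stream *s) {
    int *alive = s->alive;
    stream_ref(s);
    s->complete(s);
    int ok = *alive;              /* 1: still safe to use s here */
    if (ok) s->bytes_seen++;
    stream_unref(s);              /* last reference: freed here, not earlier */
    return ok;
}

int main(void) {
    int a, b;
    Stream *s1 = stream_new(&a, drop_owner_ref), *s2 = stream_new(&b, drop_owner_ref);
    if (!s1 || !s2) return 1;
    printf("unguarded valid=%d guarded valid=%d\n", on_io_unguarded(s1), on_io_guarded(s2));
    return 0;
}
```

In the unguarded handler any access to the object after the callback would read freed memory, which is why the model reports validity through a separate flag instead of touching it.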
But applying the patch breaks DNS on Ubuntu 18.04, or rather it did – the buggy update was withdrawn for repairs. Other Ubuntu versions including xenial, trusty, jammy and focal are not affected.
For those who have already applied the faulty patch, there is a workaround that involves editing the resolve.conf file. Another workaround suggested by Microsoft Azure is to “reboot affected VM instances so they get a new DHCP lease and new DNS resolvers”.
https://www.theregister.com/2022/08/30/ubuntu_systemd_dns_update/ Ubuntu 18.04 systemd security update breaks DNS in Azure • The Register