Linux users should beware of a recently discovered systemd vulnerability that could shut down a system using a command short enough to send in a tweet, and Ubuntu users should update to new Linux kernel patches affecting supported operating systems.
SSLMate founder and Linux administrator Andrew Ayer spotted the bug, which has the potential to kill a number of critical commands while making others unstable, according to Betanews.
Because the flaw requires local access to exploit and only causes system instability instead of data loss, Ayer considers it a low-severity vulnerability, he told SCMagazine.com via email.
“However, it is an important vulnerability because it highlights serious deficiencies in systemd's architecture and development practices,” Ayer said. “A vulnerability like this shouldn't be possible in such an important operating system component, and wouldn't be possible if systemd were better designed.”
He added that this is cause for concern, especially as systemd replaces more and more components of the Linux operating system.
In the short term, Ayer advises Linux admins to make sure they have automatic security updates enabled so that they will receive the fix for the vulnerability. In the long term, he suggests that users avoid relying on systemd's non-standard features and anticipate replacing systemd with a more robust alternative in the coming years.
A patch has reportedly been released on GitHub.
Separately, Canonical has announced a series of patches for new Linux kernel vulnerabilities that affect supported Ubuntu operating systems, according to six 11 October advisories.
The vulnerabilities included an unbounded recursion in the Linux kernel's VLAN and TEB Generic Receive Offload (GRO) processing implementation, a use-after-free condition in the Linux kernel's TCP retransmit queue handling code, a race condition in the Linux kernel's s390 SCLP console driver, and race conditions in the Linux kernel's audit subsystem and Adaptec AAC RAID controller driver.
If left unpatched, the flaws could allow a remote attacker to crash the system or retrieve sensitive information. Users are advised to update their systems immediately.