Canonical informs Ubuntu users that it updated the systemd packages in the Ubuntu 16.10 (Yakkety Yak) and Ubuntu 17.04 (Zesty Zapus) operating systems to patch a recently discovered security issue.
The new systemd vulnerability (CVE-2017-9445) appears to affect the systemd-resolved component, which could allow a remote attacker to crash the systemd daemon by causing a denial of service or run malicious programs on the vulnerable, unpatched machines by using a specially crafted DNS response.
In the security report, Canonical says that the systemd vulnerability affects Ubuntu 16.10 and Ubuntu 17.04 releases, as well as all of its official derivatives, including but not limited to Kubuntu, Lubuntu, Xubuntu, Ubuntu MATE, Ubuntu GNOME, Ubuntu Kylin, Ubuntu Studio, Ubuntu Server, and Ubuntu Cloud.
To patch the security flaw, Canonical recommends users to update their systems immediately to the new systemd versions that are already available for installation in the stable repositories. Ubuntu 17.04 users need to update to systemd 232-21ubuntu5 and Ubuntu 16.10 users to systemd 231-9ubuntu5.
Submitted by: Arnfried Walbrecht