Microsoft Azure customers running Ubuntu 18.04 from Canonical (aka Bionic Beaver) in the cloud saw their applications fail after a faulty systemd security update interrupted DNS queries.
The situation is as strange as it sounds: if you’re running Ubuntu 18.04 in an Azure VM and you’ve installed systemd security update 237-3ubuntu10.54, you’ve probably found yourself unable to use DNS in the virtual machine, which prevents applications and other software that rely on domain name lookups from working properly.
“As of approximately 06:00 UTC on August 30, 2022, a number of customers running Ubuntu 18.04 (bionic) virtual machines recently upgraded to systemd version 237-3ubuntu10.54 reported experiencing DNS errors when trying to access their resources,” an update to the Microsoft Azure status page said Tuesday.
Although the problem is limited to this single version of Ubuntu Linux, it has nevertheless proven to be a hindrance for those affected.
An individual posting to an Ubuntu forum as Luciano Santos de Silva wrote, “Hey guys, nothing is working. My app has been out since this morning. We have already tried restarting the nodes, restarting the VM, but nothing is working and we have no updates from Microsoft. Four hours ago, they said, ‘More information will be provided within 60 minutes, when we hope to learn more about the root cause and mitigation workflows.’”
Others report that the problematic update affected Azure Kubernetes Service (AKS) clusters. And things don’t seem to be going well based on the Azure dashboard, which is currently filled with disruption warning icons across the world for several cloud services.
The Ubuntu update issue has been reflected on downdetector.com’s Azure page, which currently shows a high number of problem reports.
According to Microsoft, the systemd snafu also affected Azure Government and Azure China customers. The Windows giant recommends that Ubuntu 18.04 users disable automatic security updates for the time being. Gulp.
The most recent Microsoft Azure update occurred just after 1500 UTC. Microsoft anticipates its next update around 2100 UTC, “or as events dictate.”
The systemd patch is required. It addresses CVE-2022-2526, a use-after-free vulnerability that could be exploited to cause a crash or execute arbitrary code on a vulnerable machine.
“This issue occurs because the on_stream_io() function and the dns_stream_complete() function in ‘resolved-dns-stream.c’ do not increment the reference count for the DnsStream object,” explains Red Hat’s bug report. “Therefore, other functions and callbacks called may dereference the DnsStream object, causing use-after-free when the reference is still used later.”
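The pattern the bug report describes can be shown with a small model. This is an added example, not systemd code: the Stream type, the handler names and the "freed" flag (used in place of free() so the unsafe path stays observable without undefined behaviour) are all constructed for illustration.

```c
/* Constructed model of the missing-reference pattern; not systemd source. */
#include <stdio.h>

typedef struct Stream {
    unsigned n_ref;                     /* reference count */
    int freed;                          /* set instead of free() so the model stays defined */
    int stale_access;                   /* uses of the object after it was "freed" */
    void (*on_packet)(struct Stream *); /* callback that may drop a reference */
} Stream;

static void stream_ref(Stream *s)   { s->n_ref++; }
static void stream_unref(Stream *s) { if (--s->n_ref == 0) s->freed = 1; }
static void stream_touch(Stream *s) { if (s->freed) s->stale_access++; }

/* Callback that closes the stream, dropping the owner's only reference. */
static void close_on_packet(Stream *s) { stream_unref(s); }

/* Before: the handler borrows the owner's reference and takes none of its own. */
static void io_handler_unpinned(Stream *s) {
    s->on_packet(s);   /* count can reach zero here */
    stream_touch(s);   /* in real code this is the use-after-free */
}

/* After: the handler holds its own reference for as long as it runs. */
static void io_handler_pinned(Stream *s) {
    stream_ref(s);
    s->on_packet(s);   /* owner's reference is dropped, ours remains */
    stream_touch(s);   /* object is still alive */
    stream_unref(s);   /* last reference: released only now */
}

/* Runs one handler on a fresh stream; returns stale accesses (0 means safe). */
static int run_model(void (*handler)(Stream *), int *freed_at_end) {
    Stream s = { .n_ref = 1, .on_packet = close_on_packet };
    handler(&s);
    if (freed_at_end) *freed_at_end = s.freed;
    return s.stale_access;
}

int stale_unpinned(void)  { return run_model(io_handler_unpinned, NULL); }
int stale_pinned(void)    { return run_model(io_handler_pinned, NULL); }
int pinned_releases(void) { int f = 0; run_model(io_handler_pinned, &f); return f; }

int main(void) {
    printf("unpinned stale accesses: %d\n", stale_unpinned());
    printf("pinned stale accesses:   %d\n", stale_pinned());
    printf("pinned still releases:   %d\n", pinned_releases());
    return 0;
}
```

The pinned handler still releases the object, only after its own last use, so the fix changes object lifetime without leaking.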
But applying the patch breaks DNS on Ubuntu 18.04, or rather it did – the buggy update has been removed for repairs. Other Ubuntu releases, including xenial, trusty, jammy and focal, are not affected.
For those who have already applied the errant patch, there is a workaround that involves the resolv.conf file. Another workaround suggested by Microsoft Azure is to simply “restart the affected VM instances so that they receive a new DHCP lease and new DNS resolvers”.