TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
What’s Slowing You Down?
What is your biggest inhibitor to shipping software faster?
Complicated codebase and technical debt.
0%
QA, writing tests, and debugging.
0%
Waiting for PR review or stakeholder approval.
0%
I'm always waiting due to long build times.
0%
Rework due to unclear or incomplete specifications.
0%
Inadequate tooling or infrastructure.
0%
Other.
0%
 
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
How Giant Swarm Is Helping to Support the Future of Flux
Apr 22nd 2024 7:59am, by Heather Joslyn
What’s Next for Companies Built on Open Source?
Apr 18th 2024 7:13am, by Heather Joslyn
Your Engineering Organization Is too Expensive
Apr 17th 2024 11:19am, by Luca Galante
Tetrate Enterprise Gateway for Envoy Graduates
Apr 10th 2024 9:00am, by Steven J. Vaughan-Nichols
The Open Source Market’s in Flux. How Can IT Managers Cope?
Apr 8th 2024 10:57am, by Joe Fay
Kubernetes Gets Back to Scaling with Virtual Clusters
Apr 25th 2024 7:01am, by Alex Williams
What Does WebAssembly Mean for the Server and GenAI?
Apr 23rd 2024 10:03am, by Ryan Wallner
How to Use Low-CVE Chainguard Container Images on Docker Hub
Apr 19th 2024 8:04am, by B. Cameron Gain
Kubernetes vs. YARN for Resource Management: How to Choose
Apr 10th 2024 8:16am, by Jacob Simkovich
Use Podman to Create and Work with Virtual Machines
Apr 6th 2024 6:00am, by Jack Wallen
Ambient AI? Humane's 'Ai Pin' Embarks on a Dream's Long Road
Apr 21st 2024 6:00am, by David Cassel
Chipmakers Putting a Laser Focus on Edge AI
Apr 12th 2024 10:06am, by Jeffrey Burt
The Future of AI: Hybrid Edge Deployments Are Indispensable
Mar 22nd 2024 10:00am, by Luis Ceze
How RapidAI Uses Edge, Kubernetes and AI to Boost Stroke Care
Mar 15th 2024 10:30am, by Charles Humble
Trusted Boot: What to Know About Securing Devices at the Edge
Mar 14th 2024 7:15am, by Ettore di Giacinto
API Design Is Pretty Bad — Here's How to Fix It
Apr 3rd 2024 6:01am, by Lebin Cheng
Will Spotify Open Source its Microservices Framework?
Apr 2nd 2024 7:45am, by Loraine Lawson
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
10 Ways Kubernetes Observability Boosts Productivity, Cuts Costs
Mar 27th 2024 6:08am, by Eric Schabell
Evolve Manual and Templated Dockerfiles with Automation
Mar 26th 2024 10:33am, by Rak Siva
Guider Daemon Automates Linux Performance Monitoring
Apr 19th 2024 11:16am, by Joab Jackson
Enhancing Kubernetes Network Security with Microsegmentation
Apr 11th 2024 6:23am, by Dhiraj Sehgal
Tetrate Enterprise Gateway for Envoy Graduates
Apr 10th 2024 9:00am, by Steven J. Vaughan-Nichols
Zero Trust for Legacy Apps: Load Balancer Layer Can Be a Solution
Apr 10th 2024 7:22am, by Prabhat Dixit
How Observability Is Different for Web3 Apps
Mar 15th 2024 12:00pm, by Sarah Morgan
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Pulumi Templates for GenAI Stacks: Pinecone, LangChain First
Feb 21st 2024 9:00am, by Joab Jackson
CNCF CloudEvents: A Li'l Message Envelope That Travels Far
Jan 31st 2024 4:00am, by Joab Jackson
Bringing the AWS Serverless Strategy to Azure
Jan 19th 2024 6:00am, by Rak Siva
How to Get Peak Performance without a Vast Amount of Memory
Apr 9th 2024 10:17am, by Behrad Babaee
From Postgres to ScyllaDB NoSQL, with a 349x Speed Boost 
Apr 1st 2024 11:27am, by Cynthia Dunlop
The Architect’s Guide: A Modern Data Lake Reference Architecture
Mar 26th 2024 9:17am, by Keith Pijanowski
Cloud Data Migration or Cloud Data Tiering?
Mar 25th 2024 10:00am, by Kumar Goswami
KubeCon24: MinIO Object Store Equipped with Enterprise Features
Mar 19th 2024 2:00pm, by Joab Jackson
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
What Is an AI Gateway and Do You Need One Yet?
Apr 25th 2024 6:33am, by
Amazon Bedrock Expands Palette of Large Language Models
Apr 24th 2024 1:37pm, by
5 Strategies for Better Results from an AI Code Assistant
Apr 24th 2024 10:25am, by
The Future of SQL: Conversational Hands-on Problem Solving
Apr 23rd 2024 6:04am, by
Low-Code Generative AI: New Solution Makes AI Easier to Create
Apr 22nd 2024 10:10am, by
Amazon Bedrock Expands Palette of Large Language Models
Apr 24th 2024 1:37pm, by
How to Summarize Large Documents with LangChain and OpenAI
Apr 22nd 2024 9:41am, by
How One Programmer Built an AI-Powered Interactive FAQ
Apr 16th 2024 9:04am, by
A Developer's Guide to Getting Started with LlamaIndex
Apr 13th 2024 5:00am, by
Tool Fragmentation — Is There a Fix?
Apr 12th 2024 9:37am, by
Cancel Asynchronous React App Requests with AbortController
Apr 24th 2024 8:58am, by
One Login: Towards a Single Fediverse Identity on ActivityPub
Apr 24th 2024 8:10am, by
How to Simplify Global State Management in React Using Jotai
Apr 24th 2024 7:29am, by
Low-Code Generative AI: New Solution Makes AI Easier to Create
Apr 22nd 2024 10:10am, by
Dev News: Vercel Preps for React 19; New jQuery, pnpm Releases
Apr 20th 2024 4:00am, by
Preventing Scope Creep: Guide for Managing Outsourced Teams
Apr 25th 2024 7:57am, by
5 Strategies for Better Results from an AI Code Assistant
Apr 24th 2024 10:25am, by
Golang: How to Use Library Packages
Apr 23rd 2024 5:00pm, by
Fortifying the Software Supply Chain
Apr 23rd 2024 7:16am, by
The Future of SQL: Conversational Hands-on Problem Solving
Apr 23rd 2024 6:04am, by
Application Delivery Controllers: A Key to App Modernization
Apr 25th 2024 8:26am, by
What Is an AI Gateway and Do You Need One Yet?
Apr 25th 2024 6:33am, by
Cancel Asynchronous React App Requests with AbortController
Apr 24th 2024 8:58am, by
API Builders Must Sell to Developers or Die Slowly
Apr 22nd 2024 7:17am, by
Dev News: Vercel Preps for React 19; New jQuery, pnpm Releases
Apr 20th 2024 4:00am, by
Apache NiFi 2.0.0: Building Python Processors
Apr 25th 2024 1:14pm, by
How to Use Low-CVE Chainguard Container Images on Docker Hub
Apr 19th 2024 8:04am, by
What Are Python 'Sets' and How Do You Use Them?
Apr 17th 2024 6:17am, by
Python Tutorial: Use TensorFlow to Generate Predictive Text
Apr 16th 2024 11:00am, by
JavaScript, Python Neck and Neck in GitHub Developer Usage
Apr 15th 2024 9:45am, by
Cancel Asynchronous React App Requests with AbortController
Apr 24th 2024 8:58am, by
How to Simplify Global State Management in React Using Jotai
Apr 24th 2024 7:29am, by
Dev News: Vercel Preps for React 19; New jQuery, pnpm Releases
Apr 20th 2024 4:00am, by
New Wasm Project Brings Web Components to Backend Languages
Apr 18th 2024 9:36am, by
Why PHP Usage Has Declined by 40% in Just Over 2 Years
Apr 18th 2024 8:27am, by
Dev News: Deno Supports Open Source Repository JSR and an Offline AI
Mar 30th 2024 4:00am, by
Advanced OOP in TypeScript: Interfaces and Abstract Classes
Mar 22nd 2024 10:30am, by
How to Get Advantages of TypeScript in JavaScript
Oct 27th 2023 10:51am, by
Dev News: Udemy's New Docker Program, Plus TypeScript Beta
Oct 7th 2023 5:01am, by
The Angular Renaissance: Why Frontend Devs Should Revisit It
Sep 26th 2023 8:15am, by
What Does WebAssembly Mean for the Server and GenAI?
Apr 23rd 2024 10:03am, by
New Wasm Project Brings Web Components to Backend Languages
Apr 18th 2024 9:36am, by
4 Big Developments in WebAssembly
Apr 18th 2024 8:56am, by
WebAssembly Adoption: Is Slow and Steady Winning the Race?
Apr 10th 2024 5:00am, by
Why WASI Preview 2 Makes WebAssembly Production Ready
Apr 5th 2024 6:21am, by
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by
IBM Purchases HashiCorp for Multicloud IT Automation
Apr 24th 2024 3:23pm, by
Why Observability Was Key to Citigroup’s Cloud Native Transition
Apr 19th 2024 10:29am, by
Answers to the 5 Most Common Cloud Cost-Optimization Questions
Apr 17th 2024 7:38am, by
Key Infrastructure Takeaways from Google Cloud Next 2024
Apr 16th 2024 12:00pm, by
Apache NiFi 2.0.0: Building Python Processors
Apr 25th 2024 1:14pm, by
The Future of SQL: Conversational Hands-on Problem Solving
Apr 23rd 2024 6:04am, by
How to Summarize Large Documents with LangChain and OpenAI
Apr 22nd 2024 9:41am, by
Integrating Real-Time and Historical Data Enhances Decision-Making
Apr 18th 2024 6:34am, by
Python Tutorial: Use TensorFlow to Generate Predictive Text
Apr 16th 2024 11:00am, by
Application Delivery Controllers: A Key to App Modernization
Apr 25th 2024 8:26am, by
What Is an AI Gateway and Do You Need One Yet?
Apr 25th 2024 6:33am, by
Vulnerabilities Versus Intentionally Malicious Software Components
Apr 24th 2024 6:49am, by
Fortifying the Software Supply Chain
Apr 23rd 2024 7:16am, by
How to Use Low-CVE Chainguard Container Images on Docker Hub
Apr 19th 2024 8:04am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
Pulumi Launches New Infrastructure Lifecycle Features
Apr 24th 2024 12:49pm, by Darryl K. Taft
AI in Platform Engineering: Concerns Grow Alongside Advantages
Apr 22nd 2024 9:04am, by Nicola Campagna
Your Engineering Organization Is too Expensive
Apr 17th 2024 11:19am, by Luca Galante
Drive Developer Self-Service with Crossplane, K8s and a Portal
Apr 17th 2024 9:46am, by Mor Paz
What Comes after Internal Developer Platforms?
Apr 15th 2024 12:56pm, by Valerie Slaughter
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Application Delivery Controllers: A Key to App Modernization
Apr 25th 2024 8:26am, by Charles Humble
Kubernetes Gets Back to Scaling with Virtual Clusters
Apr 25th 2024 7:01am, by Alex Williams
IBM Purchases HashiCorp for Multicloud IT Automation
Apr 24th 2024 3:23pm, by Joab Jackson
Pulumi Launches New Infrastructure Lifecycle Features
Apr 24th 2024 12:49pm, by Darryl K. Taft
Preventing Scope Creep: Guide for Managing Outsourced Teams
Apr 25th 2024 7:57am, by Liz Ryan
Creating an EKS Cluster with No Manual Coding
Apr 19th 2024 8:53am, by Edan Evantal
How an AI Chatbot Can Boost Developer Productivity
Apr 19th 2024 6:27am, by Asmitha Rathis
4 Big Developments in WebAssembly
Apr 18th 2024 8:56am, by Matt Butcher
5 Steps Toward Military-Grade API Security
Apr 18th 2024 8:02am, by Gary Archer
Tech Hiring: Most Employers Added Jobs or Kept the Status Quo in 2023
Apr 23rd 2024 8:08am, by Lawrence E Hecht and Heather Joslyn
How to Understand and Improve Your Developer Experience
Apr 23rd 2024 7:51am, by Nočnica Mellifera
Why Military Vets Are the Drama-Free Problem Solvers You Need
Mar 28th 2024 9:20am, by Joe Fay
Using AI to Improve Bad Business Writing
Mar 26th 2024 5:00am, by Jon Udell
Developers Share What Helped Them Land New Roles
Mar 25th 2024 6:45am, by Jeff James
Preventing Scope Creep: Guide for Managing Outsourced Teams
Apr 25th 2024 7:57am, by Liz Ryan
How to Understand and Improve Your Developer Experience
Apr 23rd 2024 7:51am, by Nočnica Mellifera
Ukrainian Coder's New Programming Language: One Big Data Structure
Apr 23rd 2024 6:00am, by David Cassel
Ambient AI? Humane's 'Ai Pin' Embarks on a Dream's Long Road
Apr 21st 2024 6:00am, by David Cassel
Linus Torvalds on Security, AI, Open Source and Trust
Apr 19th 2024 9:57am, by David Cassel
Vulnerabilities Versus Intentionally Malicious Software Components
Apr 24th 2024 6:49am, by Aaron Linskens
How to Understand and Improve Your Developer Experience
Apr 23rd 2024 7:51am, by Nočnica Mellifera
API Builders Must Sell to Developers or Die Slowly
Apr 22nd 2024 7:17am, by Nolan Di Mare Sullivan
Query Apache Kafka with SQL
Apr 16th 2024 7:51am, by Stéphane Derosiaux
GitOps Makes for Great DevEx, but Pragmatism Matters
Apr 9th 2024 6:30am, by Steve Fenton
Kubernetes Gets Back to Scaling with Virtual Clusters
Apr 25th 2024 7:01am, by Alex Williams
eBPF: Reliable Policy Setting and Enforcement
Apr 24th 2024 4:00am, by B. Cameron Gain
4 Big Developments in WebAssembly
Apr 18th 2024 8:56am, by Matt Butcher
Drive Developer Self-Service with Crossplane, K8s and a Portal
Apr 17th 2024 9:46am, by Mor Paz
Grafana 11: No Need to Create PromQL Queries for Prometheus
Apr 17th 2024 4:00am, by B. Cameron Gain
Guider Daemon Automates Linux Performance Monitoring
Apr 19th 2024 11:16am, by Joab Jackson
Why Observability Was Key to Citigroup’s Cloud Native Transition
Apr 19th 2024 10:29am, by Eric Newcomer
Grafana 11: No Need to Create PromQL Queries for Prometheus
Apr 17th 2024 4:00am, by B. Cameron Gain
Highlight.io: Open Source Application Monitoring for Developers
Apr 9th 2024 10:00am, by Jay Khatri
How Conviva Uses Endpoint Event Data to Measure UX at Scale
Mar 29th 2024 9:16am, by Vicki Walker
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Some Linkerd Users Must Pay: Fear and Anger Explained
Feb 28th 2024 9:21am, by B. Cameron Gain
Buoyant Revises Release Model for the Linkerd Service Mesh
Feb 21st 2024 9:30am, by Joab Jackson
Istio Advisor Plus GPT: Expert System Meets AI for Service Mesh
Dec 14th 2023 12:15pm, by Steven J. Vaughan-Nichols
Using JWTs to Authenticate Services Unravels API Gateways
Nov 8th 2023 6:53am, by Christian Posta and Peter Jausovec
Open Source / Security

Systemd Flaw Leaves Linux Distributions Scrambling to Patch

Jul 3rd, 2017 1:00am by
Featued image for: Systemd Flaw Leaves Linux Distributions Scrambling to Patch

Ubuntu, Fedora, Arch Linux and other Linux distributions have released patches for a serious arbitrary code execution vulnerability that could be exploited through malicious Domain Name System (DNS) packets.

The flaw was found in systemd-resolved, a service that’s part of the systemd initialization system adopted by many Linux distributions in recent years. The resolved service provides network name resolution to local applications by querying DNS servers.

The vulnerability, tracked as CVE-2017-9445, was discovered by Chris Coulson, a software engineer at Canonical and member of the Ubuntu team, who noticed that when dealing with certain data packet sizes, systemd-resolved fails to allocate a sufficiently large buffer.

“A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved to allocate a buffer that’s too small, and subsequently write arbitrary data beyond the end of it,” Coulson said in an advisory posted on the Open Source Security mailing list.

This could be exploited to crash the systemd-resolved daemon or to execute potentially malicious code in its context.

There are multiple ways in which an attacker could send malicious DNS packets to a Linux system with systemd-resolved running. One of them is by launching a man-in-the-middle attack on an insecure wireless network or through a compromised router.

Fortunately, not all Linux systems are affected because some distributions don’t use systemd and even among those that do, not all of them include systemd-resolved. For example, SUSE and openSUSE distributions don’t ship this component and, while Debian 9 (Stretch) includes it, the service is not enabled by default. The previous Debian versions don’t have the vulnerable code at all.

Red Hat rated this vulnerability as important and assigned it a Common Vulnerability Scoring System (CVSS) score of 7.5, but determined that it does not affect the versions of systemd shipped with Red Hat Enterprise Linux 7. Fedora, however, is affected and has issued patches.

Ubuntu, Arch Linux and probably other distributions are also affected. Users should check if they have any updates pending for systemd and should deploy the patches as soon as possible. According to Coulson, the flaw was likely introduced in systemd version 223 in 2015 and affects all versions up to and including 233.

Red Hat is a sponsor of The New Stack.

Feature image via Pixabay.

TRENDING STORIES
Group Created with Sketch.
Lucian is a freelance writer for The New Stack. He has been covering cybersecurity and the hacker culture for over a decade, his work appearing in many online technology publications including PCWorld, Computerworld, Network World, The Inquirer and Softpedia.com. Lucian...
Read more from Lucian Constantin
SHARE THIS STORY
TRENDING STORIES
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.