Some may remember back Jan2017/Dec2016 when RedHat listed a DOS vulnerability that specifically had to do with the way that
systemd handled empty notifications that would crash systemd if not handled correctly. The Ubuntu vulnerability this time around is in a similar vain.
According to Canonical the systemd vulnerability affects solely in versions 16.10 and 17.04 releases apparently having skipped 16.04 (good ol’ LTS). The security hole resides specifically in systemd-resolvd which takes care of the resolution of DNS queries. When handling specially crafted DNS queries an out-of-bound write could occur causing the resolution daemon to crash or execute arbitrary code.
Thankfully patches already exist and one only has to update their 17.04 systemd package to v232-21ubuntu5 or their 16.10 installation to v231-9ubuntu5.