Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 6 articles for you...
79

Linux Kernel 6.13: Arm CCA and Enhanced Security Innovations

Linux Kernel 6.13 is here, and for security-conscious Linux admins, it’s packed with updates that are set to make a big difference in how you lock down and manage enterprise systems. This latest kernel release is not just about keeping up with the times; it’s about staying ahead of potential threats with a suite of security-focused enhancements. . From the introduction of Arm Confidential Compute Architecture (CCA) realms for fortified workload isolation to performance-boosting shadow stacks for Arm processors, Linux Kernel 6.13 equips you with cutting-edge tools to boost your security posture. Extended support for secure filesystems like XFS and ext4, coupled with the ongoing integration of Rust , means you’re prepared to tackle stack manipulation and memory management vulnerabilities with finesse. Moreover, by embracing a more streamlined lazy preemption model and retiring the legacy ReiserFS, Linux Kernel 6.13 ensures your systems are secure and robustly efficient. Whether safeguarding sensitive data against rogue execution environments or mitigating performance consumption with updated architectures, this kernel version provides the flexibility and reliability that today’s enterprise-grade systems demand. So, as you embark on upgrading, these advancements are ready to empower your security measures and enhance the overall resilience of your infrastructure. Let's examine the key updates and improvements introduced in Linux Kernel 6.13 in more depth to give you a better understanding of how this release will improve the security and performance of your Linux systems. Enhanced Security with Arm Confidential Compute Architecture One of the most significant updates in Linux Kernel 6.13 is Arm Confidential Compute Architecture (CCA) support. This feature enables the operation of Linux virtual machines in protected execution environments known as realms. With the increasing complexity of cybersecurity threats, isolating workloads from potentially untrusted execution environmentshas never been more critical. Arm CCA brings hardware-level isolation, ensuring that sensitive processes and data remain safe even if other system parts are compromised. For Linux admins, this addition translates to a stronger security posture for systems that handle sensitive information. By taking advantage of Arm CCA, you can segregate critical workloads, mitigating the risk of cross-contamination and unauthorized access. This isolation level is particularly valuable in environments where high security is paramount, such as financial services, healthcare, and government sectors. The hardware-level protection provided by Arm CCA realms adds an extra layer of defense, making it more challenging for attackers to breach your systems. Better Protection with Arm Processor Shadow Stacks Alongside Arm CCA, Linux Kernel 6.13 supports shadow stacks on 64-bit Arm processors. This security feature aims to protect user-space applications against a wide range of vulnerabilities related to stack manipulation and memory safety. Shadow stacks maintain a separate, protected stack that mirrors the main stack’s control flow. This technique significantly reduces the risk of stack-based attacks, such as return-oriented programming (ROP) exploits , which have been a persistent challenge for security professionals. Including shadow stacks, you can deploy a more secure platform for your applications and services. This enhancement improves security and boosts performance by offloading some memory protection tasks to specialized hardware. As a result, your systems can run more efficiently while maintaining robust security measures. You can shield your enterprise applications from common and emerging threats by leveraging shadow stacks, providing a more stable and secure environment. Strengthened Filesystem Security Linux Kernel 6.13's improvements in filesystem security are another significant area of progress, including those to XFS, ext4, and Btrfs. Filesystem protection. This is essential to enterpriseenvironments where data loss or corruption could have severe repercussions. Linux Kernel 6.13 introduces enhancements such as Atomic Write Support in XFS and ext4 filesystems , protecting data integrity even during power outages or unexpected shutdowns. Linux administrators know that filesystem updates mean improved reliability and security for their storage solutions. Atomic writes help prevent data corruption while maintaining consistency - an essential function in applications requiring accurate data storage solutions. By adopting improvements such as these filesystem upgrades, Linux admins can mitigate data loss risks while strengthening overall infrastructure security through resilient systems that remain robust even under adverse conditions. These enhancements reinforce the value of maintaining an accessible, safe storage environment. Rust Integration for Memory Safety One of the ongoing efforts in Linux Kernel development is the incorporation of the Rust programming language . Kernel 6.13 advances this effort with more Rust modules being installed that offer improved memory safety features - known for helping prevent common vulnerabilities like buffer overflows, use-after-free errors, and null pointer dereferences. Linux Kernel developers hope to reduce memory-related bugs that can lead to exploitable security flaws through Rust integration. Sysadmins will benefit from adopting Rust modules within the kernel to reduce memory management issues that could compromise system integrity. Rust's adoption helps create a more secure codebase with fewer vulnerabilities exploitable by malicious actors. With continued integration, we expect further enhancements in the kernel's security and stability. Optimized Performance with Lazy Preemption Linux Kernel 6.13 also updates the lazy preemption model , optimizing performance across x86, RISC-V, and LoongArch architectures. Lazy preemption balances responsiveness and throughput and simplifies configuration options to improve efficiency. Whilethis update primarily focuses on performance, it also contributes to system stability, a critical security component. A stable system is less prone to crashes and interruptions, reducing the attack surface for potential exploits. This optimized lazy preemption model means you can achieve higher performance without compromising stability. This balance is critical in enterprise environments where responsiveness and reliability are paramount. By leveraging these performance enhancements, you can ensure that your systems run efficiently, maintaining a high level of service availability while mitigating security risks associated with system instability. The improved lazy preemption model is another example of how Kernel 6.13 seeks to provide a robust and reliable platform for your enterprise needs. Modernizing with the Removal of ReiserFS Linux Kernel 6.13 represents another step toward modernizing and strengthening its security by shifting resources towards supporting more secure filesystems that have seen declining usage over time. ReiserFS was once popular but has seen less use and maintenance over time. By phasing it out from the kernel development community, resources can now be dedicated to supporting more modern filesystems with increased security and reliability. Moving away from ReiserFS may require adjustments but will ultimately contribute to a more secure and resilient infrastructure. XFS, ext4, and Btrfs offer improved storage solutions and are better supported - aligning well with Linux kernel modernization efforts to increase security and performance. Our Final Thoughts on the Linux Kernel 6.13 Release Linux Kernel 6.13 marks a substantial step in improving enterprise-grade systems' security, performance, and reliability. Boasting features like Arm Confidential Compute Architecture (ACCA), shadow stacks on 64-bit Arm processors, and Rust integration, it equips administrators with the tools needed to achieve a strong security posture. Furthermore, updates to filesystems, optimized lazypreemption models, and removing ReiserFS further emphasize its focus on providing robust platforms with secure solutions. As you contemplate upgrading to Linux Kernel 6.13, take note of its practical advantages for improving the security and stability of your infrastructure. These updates will help safeguard sensitive information, boost system performance, and create an environment that can withstand current and future cybersecurity threats. With Kernel 6.13 at your side, you are keeping pace with modernity and staying ahead with the innovative tools and technologies required to safeguard enterprise systems effectively. You can download Linux Kernel 6.13 from kernel.org. . Delve into the key advancements in Linux Kernel 6.13 aimed at enhancing business cybersecurity and optimizing system efficiency.. Enterprise Linux Security, Kernel Updates, System Performance Enhancements, Secure Filesystems, Memory Safety Improvements. . Brittany Day

Calendar%202 Jan 22, 2025 User Avatar Brittany Day Security Projects
79

Discover SystemD 253: Enhanced UKI Features for Linux Booting

The first systemd release of 2023 is here, and it introduces a brand spanking new tool for building Unified Kernel Image (UKI) files. . Fresh versions of systemd appear roughly twice a year, apart from release candidates. We reported on the last version, systemd 252, in November last year . As we said at the time, systemd 252 brought in support for Agent P's new, more secure Linux boot process . Those two stories have details of the UKI boot files and how they work. The support and tooling for UKI continues to improve, and one of the headline features in version 253 is a tool for building these unified kernel images, which is called ukify . . Systemd 253 brings notable enhancements, especially in Unified Kernel Image integration, aiming to improve operations and security for users and admins alike. SystemD Improvements, UKI Support, Enterprise Boot Processes. . LinuxSecurity.com Team

Calendar%202 Feb 21, 2023 User Avatar LinuxSecurity.com Team Security Projects
78

Red Hat Enterprise Linux Joins Oracle Cloud Infrastructure Partnership

Red Hat and Oracle announced jointly Tuesday that they have partnered to bring Red Hat Enterprise Linux (RHEL) to Oracle Cloud Infrastructure, broadening Oracle’s available public cloud options and creating a measure of détente between two long-standing competitors. . The announcement couched the news as step one in a broader partnership between Red Hat and Oracle, but provided details mostly of the OCI integration. RHEL will be available on Oracle’s VMs, ranging in size from 1 to 80 CPU cores and from 1GB of memory up to 1024GB. Initial support will be limited to the newer OCI virtual machine shapes, which use AMD, Intel and Arm processors. The idea is to provide an opportunity for customers who have workloads running on RHEL to move those into Oracle’s cloud. The ability for users to standardize on OCI, given the popularity of RHEL for a wide array of enterprise workloads, could prove valuable to Oracle’s push to make its cloud more competitive with the larger hyperscalers. . Announcing CentOS Stream on Azure, broadening choices for business applications and strengthening collaborations.. Red Hat, Oracle, Cloud Infrastructure, Enterprise Linux, Virtual Machines. . LinuxSecurity.com Team

Calendar%202 Feb 11, 2023 User Avatar LinuxSecurity.com Team Vendors/Products
78

EuroLinux: A RHEL-Centric Distribution Tailored for Business Needs

EuroLinux is a free-to-use RHEL-based Linux distribution, similar to CentOS and AlmaLinux, specifically geared toward businesses. . Linux distributions are widely known to cater to every type of user out there. EuroLinux is no surprise, as it supports enterprise-wide usage, making it ideal for offices, companies, public institutions, and private users. Based on the RHEL source code, EuroLinux has often been on top of its game since its launch in 2013. If you are an avid user of Windows or macOS, you will feel right at home with EuroLinux. . Explore EuroLinux, a cost-free Linux distribution based on RHEL, specially designed for companies and catering to enterprise applications.. EuroLinux, Enterprise Linux, RHEL-Based Distribution, Business Computing. . LinuxSecurity.com Team

Calendar%202 Oct 22, 2022 User Avatar LinuxSecurity.com Team Vendors/Products
76

Red Hat Universal Base Image on Docker Hub for Secure Containers

Red Hat has brought its Universal Base Image to Docker Hub as “Verified Publisher” images in an effort to help developers and operators build more secure and scalable containerized solutions. . Red Hat, Inc., the world's leading provider of enterprise open source solutions, today announced the availability of Red Hat Universal Base Image on Docker Hub as “Verified Publisher” images. This brings the power, reliability and enhanced security of the world’s leading enterprise Linux platform to the largest and most easily accessible registry for container images, making it easier for organizations to build cloud-native applications based on tested and trusted components of Red Hat Enterprise Linux. Red Hat Universal Base Images (UBI) are Open Container Initiative (OCI)-compliant, freely redistributable, container base operating system images that include complementary runtime languages and packages. Built from Red Hat Enterprise Linux, UBI images provide a more solid foundation for cloud-native and modern applications built in containers, as the core components retain the more secure and reliable characteristics of Red Hat Enterprise Linux. . Delve into the Red Hat Universal Base Image now accessible on Docker Hub for building secure container applications.. Red Hat Universal Base Image, Docker Hub, enterprise Linux. . Brittany Day

Calendar%202 May 28, 2021 User Avatar Brittany Day Organizations/Events
209

Strategizing For Enterprise Linux: Key Insights and Distribution Choices

From robust security to high levels of flexibility, Linux offers businesses an array of attractive benefits. Here's what you need to know in a nutshell about the modern enterprise Linux landscape. . Whether you are welcoming CentOS Stream or looking for alternatives, the recent decision from the CentOS community to focus on CentOS Stream has forced a lot of technical leaders to rethink their Enterprise Linux strategy. Beneath that decision, the business landscape involving Linux has shifted and expanded since its enterprise debut in the late 90s, when IBM would invest $1 billion in its development. Today, Linux comes in every shape and size imaginable — with the kernel running on tiny low power computers and IoT devices, mobile phones, tablets, laptops all the way up to midrange and high-power mainframe servers. Cutting through that expansive selection to understand which Linux distributions truly align with the needs of a business can lead to more frictionless deployments and successful execution while minimizing waste in maintenance cycles and optimizing overall cost. . Examine vital trends in the changing enterprise Linux ecosystem and discover how to select the optimal distribution for your organization.. Enterprise Linux, Business Strategy, Robust Security, CentOS Alternatives. . Brittany Day

Calendar%202 May 19, 2021 User Avatar Brittany Day Security Trends
78

AlmaLinux: Beta Release As A CentOS Alternative With RHEL Packages

AlmaLinux - the enterprise-level Linux distro created as an alternative to CentOS - has been released in beta with most RHEL packages. Get the detais on this release. . After Red Hat, CentOS's Linux parent company, announced it was shifting focus from CentOS Linux , the rebuild of Red Hat Enterprise Linux (RHEL) , to CentOS Stream , which tracks just ahead of a current RHEL release, many CentOS users were annoyed. CloudLinux , a company that had long made an eponymous RHEL clone for multi-tenant web and server hosting companies, announced it would create a new CentOS clone, AlmaLinux . It's now available as a beta. While Red Hat has extended a hand to disillusioned CentOS users with new free versions of RHEL for developers and small teams, other users are still looking for alternatives. That's where AlmaLinux comes in. . Delve into the preliminary launch of AlmaLinux, the latest enterprise-ready substitute for CentOS, encompassing a majority of RHEL packages.. AlmaLinux Beta, CentOS Replacement, RHEL Packages, Enterprise Linux, Linux Distribution. . LinuxSecurity.com Team

Calendar%202 Feb 02, 2021 User Avatar LinuxSecurity.com Team Vendors/Products
78

Red Hat RHEL: Free Offering For Development And Production Use

In response to complaints about Red Hat's latest plans for CentOS Linux, the vendor will start offering free RHEL for small production workloads and customer development teams. . When Red Hat announced it was switching up CentOS Linux from a stable Red Hat Enterprise Linux (RHEL) clone to a rolling Linux distribution , which would become the next minor RHEL update, many CentOS users were upset. Now, to appease some of those users, Red Hat is introducing no-cost RHEL for small production workloads and no-cost RHEL for customer development teams. First, in place of CentOS Linux, Red Hat would like to remind developers that no-cost RHEL has long existed through the Red Hat Developer program. The offering terms formerly limited its use to single-machine developers. Now Red Hat will expand this program so that the Individual Developer subscription for RHEL can be used in production for up to 16 systems. . Oracle unveils no-cost Oracle Linux to alleviate moving worries from CentOS for enterprise and engineering groups.. Red Hat Enterprise Linux, free RHEL, no-cost RHEL for developers. . LinuxSecurity.com Team

Calendar%202 Jan 22, 2021 User Avatar LinuxSecurity.com Team Vendors/Products
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200