Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 16 articles for you...
210

Debian, Ubuntu, Red Hat: CVE-2024-1086 Critical Threat of Kernel Exploit

In the world of open-source software , security vulnerabilities can have widespread consequences. The recent publication of a Linux privilege-escalation proof-of-concept exploit has sent shockwaves through the Linux community, demanding the immediate attention of Linux admins, infosec professionals, internet security enthusiasts, and sysadmins. . This flaw in the Linux kernel, CVE-2024-1086 , affects versions between 5.14 and 6.6.14 and can be exploited to gain root access on vulnerable machines. This could allow malicious actors to perform virtually any action they wish and could enable malware already on a computer to cause further damage. While the vulnerability has been patched, the implications and long-term consequences of such vulnerabilities warrant a closer examination. Using vulnerability management software can prevent such attacks. What Are the Implications of This Flaw? How Can I Secure My Systems Against It? Several critical aspects of this Linux kernel flaw should be highlighted. First, the vulnerability's extensive reach should be noted. It affects well-known Linux distributions such as Debian, Ubuntu, Red Hat, and Fedora. This broad scope raises concerns regarding the number of systems that might still be vulnerable despite the availability of patches. The bug hunter Notselwyn, who developed the proof-of-concept exploit, states, "Never had I ever gotten so much joy developing a project, specifically when dropping the first root shell with the bug." The Linux kernel flaw, with a CVSS severity rating of 7.8 out of 10, poses significant security risks to Linux systems. From a critical perspective, the immediate question arises: how was such a vulnerability present in the Linux kernel and remained undetected for so long? This highlights the need for robust security protocols and thorough code reviews within the open-source community to prevent such critical flaws from being exploited. Furthermore, this issue draws attention to the specific technical details ofthe exploit, encompassing the double-free bug in the Linux kernel's netfilter component involving nf_tables. A method called "Dirty Pagedirectory" is also used in this exploit, which builds on an earlier Linux kernel universal exploit technique. This technique grants unlimited, stable read/write access to all memory pages in a Linux system, ultimately providing an attacker complete control over the compromised system. This revelation raises questions about the potential misuse of this technique beyond the current exploit, highlighting the long-term consequences that this vulnerability may have on Linux security. Security practitioners, Linux admins, infosec professionals, and sysadmins must protect their systems against such vulnerabilities by applying the necessary patches and closely examining their security protocols to detect and prevent future vulnerabilities. Moreover, staying updated on security news and developments within the Linux community is crucial. Our Final Thoughts on This Recent Kernel Bug This article aims to shed light on a critical Linux kernel flaw that exposes systems to a privilege-escalation exploit and raise awareness among Linux admins, infosec professionals, and sysadmins about such vulnerabilities' potential risks and implications. By fostering a proactive approach to security, prioritizing patching, and continuously enhancing their security measures, admins can safeguard against future threats. . A significant flaw in the Linux kernel presents a danger of system compromise. Explore its consequences and mitigation techniques for enhanced security.. Linux Kernel Flaw, Privilege Escalation Threat, Security Risks, Vulnerability Management. . Brittany Day

Calendar%202 Apr 19, 2024 User Avatar Brittany Day Security Vulnerabilities
78

Red Hat Enterprise Linux Joins Oracle Cloud Infrastructure Partnership

Red Hat and Oracle announced jointly Tuesday that they have partnered to bring Red Hat Enterprise Linux (RHEL) to Oracle Cloud Infrastructure, broadening Oracle’s available public cloud options and creating a measure of détente between two long-standing competitors. . The announcement couched the news as step one in a broader partnership between Red Hat and Oracle, but provided details mostly of the OCI integration. RHEL will be available on Oracle’s VMs, ranging in size from 1 to 80 CPU cores and from 1GB of memory up to 1024GB. Initial support will be limited to the newer OCI virtual machine shapes, which use AMD, Intel and Arm processors. The idea is to provide an opportunity for customers who have workloads running on RHEL to move those into Oracle’s cloud. The ability for users to standardize on OCI, given the popularity of RHEL for a wide array of enterprise workloads, could prove valuable to Oracle’s push to make its cloud more competitive with the larger hyperscalers. . Announcing CentOS Stream on Azure, broadening choices for business applications and strengthening collaborations.. Red Hat, Oracle, Cloud Infrastructure, Enterprise Linux, Virtual Machines. . LinuxSecurity.com Team

Calendar%202 Feb 11, 2023 User Avatar LinuxSecurity.com Team Vendors/Products
215

RHEL Workstation Available On AWS Cloud With Desktop-as-a-Service

The cloud Desktop-as-a-Service gains traction, as you can now run an RHEL WorkStation via any web browser from Amazon Web Services. . Once upon a time, and it wasn't that long ago, "desktops" were terminals to mainframes or midrange computers running Unix. Then along came the PC, and everything changed. That is, until now. Today, Desktop-as-a-Service (DaaS) is making a comeback. And Red Hat is joining this trend with the general availability of Red Hat Enterprise Linux for Workstations (RHEL WS) on Amazon Web Services , announced Tuesday. It's not the only one. Canonical , Ubuntu Linux 's parent company, is now offering its Ubuntu desktop on AWS as well. And, if you've been watching closely, Microsoft has the same plan. . The synergy between Red Hat Enterprise Linux and Amazon Web Services is reshaping DaaS, enhancing secure and scalable cloud workstations for users.. Cloud Desktop, RHEL Workstation, Desktop-as-a-Service. . Brittany Day

Calendar%202 Oct 24, 2022 User Avatar Brittany Day Desktop Security
210

Linux Kernel 5.11.8: Spectre Attack Mitigations Bypass Advisory

Cybersecurity researchers have identified two new vulnerabilities in Linux-based OSes that, if successfully exploited, could enable attackers to bypass mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. . Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions. While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory. The link for this article located at The Hacker News is no longer available. . Newly discovered weaknesses could enable cybercriminals to circumvent Spectre defenses on Linux platforms, raising issues of data privacy.. Linux Kernel Security,Spectre Attack,Kernel Mitigation Bypass,Red Hat Fix. . Brittany Day

Calendar%202 Mar 29, 2021 User Avatar Brittany Day Security Vulnerabilities
78

Red Hat RHEL: Free Offering For Development And Production Use

In response to complaints about Red Hat's latest plans for CentOS Linux, the vendor will start offering free RHEL for small production workloads and customer development teams. . When Red Hat announced it was switching up CentOS Linux from a stable Red Hat Enterprise Linux (RHEL) clone to a rolling Linux distribution , which would become the next minor RHEL update, many CentOS users were upset. Now, to appease some of those users, Red Hat is introducing no-cost RHEL for small production workloads and no-cost RHEL for customer development teams. First, in place of CentOS Linux, Red Hat would like to remind developers that no-cost RHEL has long existed through the Red Hat Developer program. The offering terms formerly limited its use to single-machine developers. Now Red Hat will expand this program so that the Individual Developer subscription for RHEL can be used in production for up to 16 systems. . Oracle unveils no-cost Oracle Linux to alleviate moving worries from CentOS for enterprise and engineering groups.. Red Hat Enterprise Linux, free RHEL, no-cost RHEL for developers. . LinuxSecurity.com Team

Calendar%202 Jan 22, 2021 User Avatar LinuxSecurity.com Team Vendors/Products
78

Red Hat OpenShift 4.6: Seamless Management Of Linux And Windows Containers

Most container work is done with Linux - but the fact that some jobs are also done with Windows-based containers can't be ignored. Now Red Hat makes it possible to manage both Linux and Windows containers with Kubernetes via OpenShift. . Containers are largely a Linux technology. But Microsoft, besides supporting Linux containers on Windows 10 and Azure, also has its own Windows-based containers. So it is that many Microsoft-oriented companies run both Linux and Windows containers. After all, these days, there are more Linux virtual machines (VM)s and containers running on Linux on Azure than there are Windows Server VMs. But managing Linux and Windows containers with one interface is not such an easy trick. So, I expect Red Hat to find many customers for its latest OpenShift Kubernetes feature: The ability to run and manage both Linux and Windows containers from one program . To pull off this trick, Red Hat OpenShift 4.6 uses the Windows Machine Config Operator (WMCO) . This is a certified OpenShift operator based on the Kubernetes Operator Framework , which is jointly supported by both Red Hat and Microsoft. . Red Hat OpenShift now supports both Linux and Windows containers, facilitating diverse workload deployment in Kubernetes while enhancing management and scalability.. Red Hat OpenShift, Container Management, Kubernetes Management, Windows and Linux Containers, Cross-Platform Container. . LinuxSecurity.com Team

Calendar%202 Jan 08, 2021 User Avatar LinuxSecurity.com Team Vendors/Products
78

CentOS 8 End Support: Transitioning To Stream By Red Hat

The free ride is over for CentOS users. Red Hat has announced that it is shifting its focus to CentOS Stream - the upstream branch of RHEL, and support for CentOS Linux 8 will end in 2021. According to Red Hat, "CentOS Stream will be getting fixes and features ahead of RHEL. Generally speaking, we expect CentOS Stream to have fewer bugs and more runtime features than RHEL until those packages make it into the RHEL release." . C entOS is an acronym for Community Enterprise Operating System, and it is a 100% rebuild of RHEL (Red Hat Enterprise Linux). While RHEL costs money, CentOS offered as a free community-supported enterprise Linux distro. Developers and companies who are good at Linux and don’t want to pay RHEL support fees always selected CentOS to save money and get enterprise-class software. However, the free ride is over. Red Hat announced that CentOS Linux 8, as a rebuild of RHEL 8, will end at 2021. CentOS Stream continues after that date, serving as the upstream (development) branch of Red Hat Enterprise Linux. The link for this article located at nixCraft is no longer available. . The shift from Ubuntu 20.04 LTS to Ubuntu 21.10 redefines user experiences and organizational assistance, introducing innovative priorities and improvements.. CentOS Stream, Linux Transition, Red Hat Enterprise, CentOS End of Life. . LinuxSecurity.com Team

Calendar%202 Dec 14, 2020 User Avatar LinuxSecurity.com Team Vendors/Products
78

CentOS Stream Transition Sparks User Outrage Over Stability Risks

CentOS is becoming a rolling Linux distribution - and many users aren't happy about it. This change leaves businesses depending on CentOS for a stable server or embedded operating system in the lurch. . Red Hat , CentOS 's Linux parent company, announced it was " shifting focus from CentOS Linux , the rebuild of Red Hat Enterprise Linux (RHEL) , to CentOS Stream , which tracks just ahead of a current RHEL release." In other words, CentOS will no longer be a stable point distribution but a rolling release Linux distribution . CentOS users are ticked off. Why? First, you need to understand what's going on. A rolling-release Linux is one that's constantly being updated. Examples of these include Arch, Manjaro , and openSUSE Tumbleweed . Here, CentOS Stream will be RHEL's upstream (development) branch. This may sound like CentOS will be RHEL's beta, but CentOS denies this. . The transition of Red Hat from the dependable CentOS Linux to a more fluid release model is stirring concern within the community and enterprises that depend on consistent performance.. CentOS Stream, Red Hat Enterprise Linux, Rolling Release, User Feedback, Linux Stability. . LinuxSecurity.com Team

Calendar%202 Dec 10, 2020 User Avatar LinuxSecurity.com Team Vendors/Products
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200