Red Hat Customer Portal

  • StackOverflow Assistance Pilot

    As a valued customer you have access to extensive content and certain products for developer use, which help you create your applications quickly. We want to assist you wherever you may look for help. We know developers love StackOverflow. For a limited time, as a subscriber you can sign up for our StackOverflow Assistance pilot. As part of this pilot, we will try to respond within 24 hours to your developer question on a Red Hat product within StackOverflow, if it hasn’t already been answered...
    Posted 2016-06-24T19:39:31+00:00 - 0
  • StackOverflow Pilot Program Monitored Tags

    Posted 2016-06-23T20:20:17+00:00 - 0
  • StackOverflow Pilot Program Monitored Tags

    Posted 2016-06-23T20:18:57+00:00 - 0
  • StackOverflow Pilot Program Monitored Tags

    As part of the StackOverflow Pilot Program, the list of StackOverflow tags we will be monitoring includes: jboss jboss7.x jboss5.x jboss6.x Jboss-eap-6 jboss-eap-7 jbossamq jbossfuse jboss-logging jboss-web jboss-cli openshift openshift-client-tools openshift-enterprise jboss-messaging jboss-modules jboss-tools jboss-mdb jbossws jboss-esb jboss-rules jboss-cache jboss-portal Keycloak drools apache-camel cxf activemq karaf apache-karaf Fabric8 apiman jBPM bpm
    Posted 2016-06-23T20:15:14+00:00 - 0
  • Redefining how we share our security data.

    Red Hat Product Security has long provided various bits of machine-consumable information to customers and users via our Security Data page. Today we are pleased to announce that we have made it even easier to access and parse this data through our new Security Data API service. While we have provided this information since January 2005, it required end users to download the content from the site, which meant you either downloaded many files and kept a local copy, or you were downloading large...
    Posted 2016-06-23T13:30:00+00:00 - 0
  • How Red Hat uses CVSS v3 to Assist in Rating Flaws

    Humans have been measuring risk since the dawn of time. "I'm hungry, do I go outside my awesome cave here and forage for food? There might be something bigger, scarier, and hungrier than me out there...maybe I should wait?" Successfully navigating through life is a series of Risk/Reward calculations made each and every day. Sometimes, ideally, the choices are small ("Do I want fries with that?") while others can lead to catastrophic outcomes if the scenario isn't fully thought-through and...
    Posted 2016-06-21T20:16:50+00:00 - 0
  • Satellite 6.2 Beta 2 New Available

    Download the beta here Review beta documentation Open a ticket on the beta Red Hat is pleased to announce the second beta for Satellite 6.2. Beta 2 is immediately available to all current beta customers. The list of new features in this beta can be reviewed in the Beta 1 Announcement Satellite 6.2 Beta - What's New Lots of bug fixes based on your feedback The first beta had very good adoption. Thank you for your time. Based on your feedback we have resolved many bugs. Specifically, you...
    Posted 2016-06-15T12:39:58+00:00 - 0
  • The Answer is always the same: Layers of Security

    There is a common misperception that now that containers support seccomp we no longer need SELinux to help protect our systems. WRONG. The big weakness in containers is the container possesses the ability to interact with the host kernel and the host file systems. Securing the container processes is all about shrinking the attack surface on the host OS and more specifically on the host kernel. seccomp does a great job of shrinking the attack surface on the kernel. The idea is to limit the...
    Posted 2016-05-25T13:30:00+00:00 - 0
  • CVE-2016-3710: QEMU: out-of-bounds memory access issue

    Quick Emulator (aka QEMU) is an open source systems emulator. It emulates various processors and their accompanying hardware peripherals like disc, serial ports, NIC et al. A serious vulnerability of out-of-bounds r/w access through the Video Graphics Array (VGA) emulator was discovered and reported by Mr Wei Xiao and Qinghao Tang of Marvel Team at Inc. This vulnerability is formally known as Dark Portal. In this post we'll see how Dark Portal works and its mitigation. VGA is a hardware...
    Posted 2016-05-11T13:30:00+00:00 - 1
  • Satellite 6.2 Beta Now Available

    Download the beta here Review beta documentation Open a ticket on the beta Red Hat is pleased to announce the Satellite 6.2 beta. Available to all current Satellite customers, the beta includes several highly demanded features. Satellite 6.2 Beta - New Features and Functionality Increase Efficiency with Automated Workflows Satellite 6.2 introduces remote execution, automating workflows and enabling users to take multiple actions against groups of systems. Now Satellite 6.2 can automatically...
    Posted 2016-04-26T14:23:02+00:00 - 36
  • Red Hat Product Security Risk Report: 2015

    This report takes a look at the state of security risk for Red Hat products for calendar year 2015. We look at key metrics, specific vulnerabilities, and the most common ways users of Red Hat products were affected by security issues. Our methodology is to look at how many vulnerabilities we addressed and their severity, then look at which issues were of meaningful risk, and which were exploited. All of the data used to create this report is available from public data maintained by Red Hat...
    Posted 2016-04-20T13:30:00+00:00 - 3
  • Badlock response planning and remediation with Red Hat Insights

    Many customers utilize the SMB (Server Message Block) protocol in their production environments. SMB has become a reliable file and print sharing resource protocol for RHEL deployments in many infrastructures through the Samba project, allowing greater usage of shared and cross platform resources. There is a new man-in-the-middle vulnerability, named “badlock,” that targets any implementation of Microsoft’s Local Security Authentication and Security Account Manager remote protocols. This...
    Posted 2016-04-12T14:30:23+00:00 - 0
  • Using r10k with Red Hat Satellite 6

    Table of contents Background Legal Disclaimer Version Information Installing r10k Configuring r10k Setting up the repository Deploying the modules Importing into Satellite 6 Assigning the environment Pros and cons of working with r10k Background From time to time, we get questions from customers already using Puppet, on whether it is possible to incorporate an existing Puppet workflow based on r10k into Satellite 6. These customers are often well accustomed to the r10k workflow and do not...
    Posted 2016-04-01T07:45:33+00:00 - 0
  • Security risks with higher level languages in middleware products

    Java-based high-level application-specific languages provide significant flexibility when using middleware products such as BRMS. This flexibility comes at a price as there are significant security concerns in their use. In this article the usage of Drools language and MVEL in JBoss BRMS is looked at to demonstrate some of these concerns. Other middleware products might be exposed to similar risks. Java is an extremely feature-rich portable language that is used to build a great range of...
    Posted 2016-03-23T13:30:00+00:00 - 0
  • Satellite 6.1.8 is Released

    Satellite 6.1.8 has been released. This update fixes the following bugs: Previously, the katello-backup tool did not handle the '--help' argument correctly. With this update, katello-backup provides the appropriate help information when passed the argument. (BZ#1250185) Removing a Puppet module from the Library after it had been added to a content view caused the Puppet Modules tab to become unresponsive. The display code has been updated, and the Puppet Modules tab now displays the deleted...
    Posted 2016-03-22T22:24:29+00:00 - 2
  • Automate RPM build with Mock and Satellite-6

    In any modern development environment automation is crucial. For Red Hat flavoured OS'es, application management typically is based on RPM packages. Bringing automation into an RPM development environment sooner or later leads to Mock. With Satellite-6, Mock finally has a capable life cycle management counterpart. In large projects with several teams working on interdependent components, Satellite Content Views (CVs) are powerful means to provide a solid baseline...
    Posted 2016-03-07T10:07:21+00:00 - 0
  • Subscription-manager for the former Red Hat Network User: Part 3 - Understanding virt-who

    Overview In Subscription-manager for the Former Red Hat Network User, part 1 & part 2, we covered an introduction to the client-side tooling. This article aims to cover virt-who, a critical component of the server-side Subscription Management tooling. What is virt-who? With the introduction of the 2010 subscription model, Red Hat introduced subscriptions, where the customer could buy a single subscription (for a hypervisor) which allowed 1, 4 or unlimited virtual guests to run on that...
    Posted 2016-03-05T19:31:22+00:00 - 0
  • Planning your response to the OpenSSL DROWN vulnerability

    When a major security risk like the new OpenSSL DROWN vulnerability strikes, you have to plan your response. Generally, you should start outside (Internet-facing) and work your way inside, and prioritize those servers which expose vulnerable network services over those that simply have an older package installed. For more information on the DROWN security vulnerability (CVE-2016-0800) please refer to this Vulnerability Article. Identifying risk To help you respond to DROWN, Red Hat Insights...
    Posted 2016-03-01T16:03:02+00:00 - 0
  • Go home SSLv2, you’re DROWNing

    The SSLv2 protocol had its 21st birthday last month, but it’s no cause to celebrate with an alcoholic beverage, since the protocol was already deprecated when it turned 18. Announced today is an attack called DROWN that takes advantage of systems still using SSLv2. Many cryptographic libraries already disable SSLv2 by default, and updates from the OpenSSL project and Red Hat today catch up. What is DROWN? CVE-2016-0800, also known as DROWN, stands for Decrypting RSA using Obsolete and Weakened...
    Posted 2016-03-01T13:00:00+00:00 - 0
  • Addressing CVE-2015-7547, CVE-2015-5229, and any other scary errata via Red Hat Satellite 6.1

    Addressing CVE-2015-7547, CVE-2015-5229, and any other scary errata via Red Hat Satellite 6.1 Overview On 16 Feb, 2016, Red Hat released RHSA-2016-0176, the errata that addresses a number of critical security flaws in glibc. Given the severity and scope of this security vulnerability, it is critical that we quickly and reliably deploy the updated errata that addresses these security flaws. There are a few considerations that need to be taken into account: Identifying which systems are affected...
    Posted 2016-02-18T19:29:41+00:00 - 4
  • Subscription-manager for the former Red Hat Network User: Part 2 - Subscription-manager learns grep

    Overview As a user of subscription-manager, I find myself frequently frustrated when running a subscription-manager list --all --available to find a specific subscription. As I am using an account that has a large number of subscriptions this is painful. And since each subscription has a varying amount of output associated with it, using grep (even with the -A switch) is painful. Ultimately, I end up piping the output via my PAGER (less|more|most) until I find the pool ID that I want. That is...
    Posted 2016-02-11T12:09:58+00:00 - 0
  • Subscription-manager for the former Red Hat Network User: Part 1

    One of the first major differences between Satellite 5 & Satellite 6 is the client side tooling. Satellite 5 leveraged the various RHN tools (rhn_register, rhnreg_ks, etc). Satellite 6 uses subscription-manager. Over the next few articles, we'll deep-dive into the various subscription management tools (such as subscription-manager, rct, virt-who, and others), with the goal of providing a better understanding of how these tools work. Firstly, some background is in order. There is a major...
    Posted 2016-02-06T22:31:46+00:00 - 0
  • Primes, parameters and moduli

    First a brief history of Diffie-Hellman for those not familiar with it. The short version of Diffie-Hellman is that two parties (Alice and Bob) want to share a secret so they can encrypt their communications and talk securely without an eavesdropper (Eve) listening in. So Alice and Bob first share a public prime number and modulus (which Eve can see). Alice and Bob then each choose a large random number (referred to as their private key) and apply some modular arithmetic using the shared prime...
    Posted 2016-01-20T12:00:00+00:00 - 0
  • The SLOTH attack and IKE/IPsec

    Executive Summary: The IKE daemons in RHEL7 (libreswan) and RHEL6 (openswan) are not vulnerable to the SLOTH attack. But the attack is still interesting to look at. The SLOTH attack released today is a new transcript collision attack against some security protocols that use weak or broken hashes such as MD5 or SHA1. While it mostly focuses on the issues found in TLS, it also mentions weaknesses in the "Internet Key Exchange" (IKE) protocol used for IPsec VPNs. While the TLS findings are very...
    Posted 2016-01-15T12:00:00+00:00 - 0
  • DevOps On The Desktop: Containers Are Software As A Service

    It seems that everyone has a metaphor to explain what containers "are". If you want to emphasize the self-contained nature of containers and the way in which they can package a whole operating system's worth of dependencies, you might say that they are like virtual machines. If you want to emphasize the portability of containers and their role as a distribution mechanism, you might say that they are like a platform. If you want to emphasize the dangerous state of container security nowadays,...
    Posted 2015-12-23T12:00:00+00:00 - 0