Red Hat Security Blog: November 2013 archives

  • Enterprise Linux 6.4 to 6.5 risk report

    Red Hat Enterprise Linux 6.5 was released last week (November 2013), nine months since the release of 6.4 in February 2013. In this report we take a look back over the vulnerabilities and security updates since that last update, specifically for Red Hat Enterprise Linux 6 Server. Red Hat Enterprise Linux 6 is in its fourth year since release, and will receive security updates until November 30th 2020. Errata count: The chart below illustrates the total number of security updates issued for Red...
    Posted 2013-11-27T13:00:55+00:00 - 0
  • Java Deserialization Flaws: Part 1, Binary Deserialization

    Serialization is a feature of programming languages that allows the state of in-memory objects to be represented in a standard format, which can be written to disk or transmitted across a network. Java includes powerful serialization capabilities as a core feature of the language. All classes which implement the java.io.Serializable interface can be serialized and deserialized, with Java handling the plumbing automatically. Serialization is now widely used in Java applications as a mechanism...
    Posted 2013-11-20T14:30:20+00:00 - 0
  • October: What have we been doing for you?

    The Red Hat Product Security Team is constantly working behind the scenes to protect our customers. Here are just a few things that we've been working on in October: Auditing packages - One of the big tasks our team members work on is reviewing software packages to make sure they meet our high standards. Prelink is dead - We worked closely with the Fedora community to have prelink removed from the distribution (by default). Prelink disables address space layout randomization (ASLR) which...
    Posted 2013-11-06T14:30:37+00:00 - 0