Red Hat Security Blog: May 2016 archives

  • The Answer is always the same: Layers of Security

    There is a common misperception that now that containers support seccomp, we no longer need SELinux to help protect our systems. WRONG. The big weakness in containers is that the container can interact with the host kernel and the host file systems. Securing the container processes is all about shrinking the attack surface on the host OS, and more specifically on the host kernel. seccomp does a great job of shrinking the attack surface on the kernel. The idea is to limit the...
    Posted 2016-05-25T13:30:00+00:00
  • CVE-2016-3710: QEMU: out-of-bounds memory access issue

    Quick Emulator (aka QEMU) is an open source systems emulator. It emulates various processors and their accompanying hardware peripherals such as disks, serial ports, NICs, et al. A serious out-of-bounds read/write access vulnerability in the Video Graphics Array (VGA) emulator was discovered and reported by Mr Wei Xiao and Qinghao Tang of Marvel Team at 360.cn Inc. This vulnerability is formally known as Dark Portal. In this post we'll see how Dark Portal works and how it is mitigated. VGA is a hardware...
    Posted 2016-05-11T13:30:00+00:00