Red Hat Security Blog: July 2018 archives

  • SPECTRE Variant 1 scanning tool

    As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this tool via this article. This tool is not a Red Hat product. As such, it is not supported and does not come with any kind of warranty. The tool only works on static binaries and does not simulate an entire running system. This means it will neither follow jumps through...
    Posted 2018-07-18T13:30:00+00:00 - 0
  • Red Hat’s disclosure process

    Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around responsible disclosure. It has caused us to look back to see what went wrong so as to prevent this from happening in the future. Because of how important our relationships with the community and industry partners are and how seriously we treat non-...
    Posted 2018-07-10T13:00:00+00:00 - 0