Quick Emulator (QEMU) is an open source systems emulator. It emulates various processors and their accompanying hardware peripherals such as disks, serial ports and NICs. A serious out-of-bounds read/write vulnerability in the Video Graphics Array (VGA) emulator was discovered and reported by Wei Xiao and Qinghao Tang of the Marvel Team at 360.cn Inc. The vulnerability is known as Dark Portal. In this post we'll see how Dark Portal works and how it is mitigated.
VGA is a hardware...
Download the beta here
Review beta documentation
Open a ticket on the beta
Red Hat is pleased to announce the Satellite 6.2 beta. Available to all current Satellite customers, the beta includes several highly demanded features.
Satellite 6.2 Beta - New Features and Functionality
Increase Efficiency with Automated Workflows
Satellite 6.2 introduces remote execution, automating workflows and enabling users to take multiple actions against groups of systems. Now Satellite 6.2 can automatically...
This report takes a look at the state of security risk for Red Hat products for calendar year 2015. We look at key metrics, specific vulnerabilities, and the most common ways users of Red Hat products were affected by security issues.
Our methodology is to look at how many vulnerabilities we addressed and their severity, then look at which issues were of meaningful risk, and which were exploited. All of the data used to create this report is available from public data maintained by Red Hat...
Many customers use the SMB (Server Message Block) protocol in their production environments. Through the Samba project, SMB has become a reliable file and print sharing protocol for RHEL deployments in many infrastructures, allowing greater use of shared and cross-platform resources. There is a new man-in-the-middle vulnerability, named “badlock,” that targets any implementation of Microsoft’s Local Security Authority (LSA) and Security Account Manager (SAM) remote protocols.
Table of contents
Setting up the repository
Deploying the modules
Importing into Satellite 6
Assigning the environment
Pros and cons of working with r10k
From time to time, we get questions from customers already using Puppet on whether it is possible to incorporate an existing Puppet workflow based on r10k into Satellite 6.
These customers are often well accustomed to the r10k workflow and do not...
Java-based high-level application-specific languages provide significant flexibility when using middleware products such as BRMS. This flexibility comes at a price as there are significant security concerns in their use. In this article the usage of Drools language and MVEL in JBoss BRMS is looked at to demonstrate some of these concerns. Other middleware products might be exposed to similar risks.
Java is an extremely feature-rich portable language that is used to build a great range of...
Satellite 6.1.8 has been released. This update fixes the following bugs:
Previously, the katello-backup tool did not handle the '--help' argument correctly. With this update, katello-backup provides the appropriate help information when passed the argument. (BZ#1250185)
Removing a Puppet module from the Library after it had been added to a content view caused the Puppet Modules tab to become unresponsive. The display code has been updated, and the Puppet Modules tab now displays the deleted...
In any modern development environment automation is crucial. For Red Hat-flavoured operating systems, application management is typically based on RPM packages. Bringing automation into an RPM development environment sooner or later leads to Mock (https://fedorahosted.org/mock/).
With Satellite 6, Mock finally has a capable life cycle management counterpart. In large projects with several teams working on interdependent components, Satellite Content Views (CVs) are a powerful means to provide a solid baseline...
In Subscription-manager for the Former Red Hat Network User, part 1 & part 2, we covered an introduction to the client-side tooling. This article aims to cover virt-who, a critical component of the server-side Subscription Management tooling.
What is virt-who?
With the introduction of the 2010 subscription model, Red Hat introduced subscriptions, where the customer could buy a single subscription (for a hypervisor) which allowed 1, 4 or unlimited virtual guests to run on that...
When a major security risk like the new OpenSSL DROWN vulnerability strikes, you have to plan your response. Generally, you should start outside (Internet-facing) and work your way inside, and prioritize those servers which expose vulnerable network services over those that simply have an older package installed.
For more information on the DROWN security vulnerability (CVE-2016-0800) please refer to this Vulnerability Article.
To help you respond to DROWN, Red Hat Insights...
The SSLv2 protocol had its 21st birthday last month, but it’s no cause to celebrate with an alcoholic beverage, since the protocol was already deprecated when it turned 18.
Announced today is an attack called DROWN that takes advantage of systems still using SSLv2.
Many cryptographic libraries already disable SSLv2 by default, and updates from the OpenSSL project and Red Hat today catch up.
What is DROWN?
CVE-2016-0800, also known as DROWN, stands for Decrypting RSA using Obsolete and Weakened...
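The DROWN response advice above prioritises hosts that actually expose SSLv2 on the network over hosts that merely have an old package installed. The following is an added example (not code from the original posts or from the OpenSSL or Red Hat projects) of how to tell the two apart: it sends a bare SSLv2 CLIENT-HELLO and checks whether the server answers with an SSLv2 SERVER-HELLO. The cipher-spec values are the ones from the SSL 2.0 specification; the function names, the `probe_sslv2` host argument and the 64 KiB read limit are assumptions for illustration. A TLS-only server replies with a TLS alert or closes the connection, which the parser reports as "no SSLv2".

```python
import socket
import struct

# SSLv2 cipher specs (3 bytes each) as defined in the SSL 2.0 specification. The two
# 40-bit export ciphers are the ones that make the "general DROWN" attack cheap.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL2_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL2_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL2_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL2_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL2_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL2_DES_192_EDE3_CBC_WITH_MD5",
}
EXPORT_CIPHERS = {b"\x02\x00\x80", b"\x04\x00\x80"}


def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """Build an SSLv2 CLIENT-HELLO offering every cipher in SSLV2_CIPHERS."""
    cipher_specs = b"".join(SSLV2_CIPHERS)
    body = (
        b"\x01"                                   # MSG-CLIENT-HELLO
        + b"\x00\x02"                             # protocol version 2.0
        + struct.pack(">HHH", len(cipher_specs), 0, len(challenge))
        + cipher_specs
        + challenge                               # empty session id, then the challenge
    )
    # Two-byte record header: high bit set, remaining 15 bits are the body length.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(data: bytes):
    """Return a dict describing an SSLv2 SERVER-HELLO, or None if `data` is not one."""
    if len(data) < 3:
        return None
    hdr = struct.unpack(">H", data[:2])[0]
    if hdr & 0x8000:                        # 2-byte header, no padding byte
        body = data[2:2 + (hdr & 0x7FFF)]
    else:                                   # 3-byte header, third byte is padding length
        body = data[3:3 + (hdr & 0x3FFF)]
    if len(body) < 11 or body[0] != 0x04:   # MSG-SERVER-HELLO
        return None
    version = struct.unpack(">H", body[3:5])[0]
    cert_len, spec_len, conn_id_len = struct.unpack(">HHH", body[5:11])
    if version != 0x0002 or len(body) < 11 + cert_len + spec_len + conn_id_len:
        return None                         # not SSLv2, or a truncated record
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    ciphers = [specs[i:i + 3] for i in range(0, len(specs), 3)]
    return {
        "ciphers": [SSLV2_CIPHERS.get(c, c.hex()) for c in ciphers],
        "export_ciphers": any(c in EXPORT_CIPHERS for c in ciphers),
        "certificate_length": cert_len,
    }


def probe_sslv2(host: str, port: int = 443, timeout: float = 5.0):
    """Connect to host:port, send the CLIENT-HELLO and parse whatever comes back."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            while len(data) < 65536:        # assumed upper bound on a SERVER-HELLO
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
                if parse_server_hello(data) is not None:
                    break
        except (socket.timeout, ConnectionResetError):
            pass
    return parse_server_hello(data)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    result = probe_sslv2(target)
    if result is None:
        print(f"{target}: no SSLv2 SERVER-HELLO, SSLv2 appears disabled")
    else:
        print(f"{target}: SSLv2 ENABLED, ciphers={result['ciphers']}, "
              f"export={result['export_ciphers']}")
```

A host that returns a SERVER-HELLO belongs at the top of the patch list; one that also offers the export ciphers is exposed to the cheap variant of the attack. Note that DROWN also affects servers that never speak SSLv2 themselves but share an RSA key with a server that does, so the probe is a triage aid, not a complete inventory.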
Addressing CVE-2015-7547, CVE-2015-5229, and any other scary errata via Red Hat Satellite 6.1
On 16 Feb, 2016, Red Hat released RHSA-2016-0176, the errata that addresses a number of critical security flaws in glibc. Given the severity and scope of this security vulnerability, it is critical that we quickly and reliably deploy the updated errata that addresses these security flaws.
There are a few considerations that need to be taken into account:
Identifying which systems are affected...
As a user of subscription-manager, I find myself frequently frustrated when running a subscription-manager list --all --available to find a specific subscription. As I am using an account that has a large number of subscriptions this is painful. And since each subscription has a varying amount of output associated with it, using grep (even with the -A switch) is painful. Ultimately, I end up piping the output via my PAGER (less|more|most) until I find the pool ID that I want. That is...
One of the first major differences between Satellite 5 & Satellite 6 is the client side tooling. Satellite 5 leveraged the various RHN tools (rhn_register, rhnreg_ks, etc). Satellite 6 uses subscription-manager. Over the next few articles, we'll deep-dive into the various subscription management tools (such as subscription-manager, rct, virt-who, and others), with the goal of providing a better understanding of how these tools work.
Firstly, some background is in order. There is a major...
First a brief history of Diffie-Hellman for those not familiar with it
The short version of Diffie-Hellman is that two parties (Alice and Bob) want to share a secret so they can encrypt their communications and talk securely without an eavesdropper (Eve) listening in. So Alice and Bob first agree on a public prime modulus and a generator (both of which Eve can see). Alice and Bob then each choose a large random number (referred to as their private key) and apply some modular arithmetic using the shared prime...
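A worked version of the exchange described above, added here as an example (it is not code from the original post). The group is deliberately tiny, a 31-bit prime P with generator G, so that Eve's attack can actually run; real deployments use standardized groups of at least 2048 bits. Alice and Bob each derive the same secret from the other's public value, while Eve, who only sees the public values, has to solve a discrete logarithm. The baby-step giant-step routine does that in roughly sqrt(P) operations, which is why the size of the prime is what makes the exchange safe. The parameters P and G and all function names are assumptions for illustration.

```python
import math
import random

# Toy group: P = 2**31 - 1 is prime and 7 is a primitive root of it. This is far
# too small for real use; it is chosen so the attack below finishes in seconds.
P = 2**31 - 1
G = 7


def dh_keypair(p: int = P, g: int = G, rng=random.SystemRandom()):
    """Pick a private exponent and return (private, public = g^private mod p)."""
    priv = rng.randrange(2, p - 1)
    return priv, pow(g, priv, p)


def dh_shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Both sides compute the same value: (g^b)^a = (g^a)^b (mod p)."""
    return pow(their_public, my_private, p)


def baby_step_giant_step(g: int, h: int, p: int) -> int:
    """Eve's attack: find x with g^x = h (mod p) in O(sqrt(p)) time and memory."""
    m = math.isqrt(p) + 1
    baby = {}
    cur = 1
    for j in range(m):                  # baby steps: remember g^j for j in [0, m)
        baby.setdefault(cur, j)
        cur = cur * g % p
    giant_factor = pow(g, -m, p)        # g^(-m) mod p (modular inverse, Python 3.8+)
    cur = h
    for i in range(m):                  # giant steps: look up h * g^(-i*m)
        if cur in baby:
            return i * m + baby[cur]
        cur = cur * giant_factor % p
    raise ValueError("h is not in the subgroup generated by g")


def exchange(a: int, b: int, p: int = P, g: int = G):
    """Run the exchange with fixed private keys a and b.

    Returns the secret Alice computes, the secret Bob computes, and the secret
    Eve recovers from the two public values alone.
    """
    A, B = pow(g, a, p), pow(g, b, p)   # the only values Eve observes
    alice = dh_shared_secret(B, a, p)
    bob = dh_shared_secret(A, b, p)
    eve_a = baby_step_giant_step(g, A, p)   # recover an exponent for Alice's public value
    eve = dh_shared_secret(B, eve_a, p)
    return alice, bob, eve


if __name__ == "__main__":
    a, _ = dh_keypair()
    b, _ = dh_keypair()
    print("alice, bob, eve:", exchange(a, b))
```

Doubling the bit length of the prime squares the work Eve needs, so the attack that takes seconds here is hopeless against a 2048-bit group; conversely, a 512-bit or poorly generated group is exactly what attacks on weak Diffie-Hellman parameters go after.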
Executive Summary: The IKE daemons in RHEL7 (libreswan) and RHEL6 (openswan) are not vulnerable to the SLOTH attack. But the attack is still interesting to look at.
The SLOTH attack released today is a new transcript collision attack against some security protocols that use weak or broken hashes such as MD5 or SHA1. While it mostly focuses on the issues found in TLS, it also mentions weaknesses in the "Internet Key Exchange" (IKE) protocol used for IPsec VPNs. While the TLS findings are very...
It seems that everyone has a metaphor to explain what containers "are". If you want to emphasize the self-contained nature of containers and the way in which they can package a whole operating system's worth of dependencies, you might say that they are like virtual machines. If you want to emphasize the portability of containers and their role as a distribution mechanism, you might say that they are like a platform. If you want to emphasize the dangerous state of container security nowadays,...
The Customer Portal team here at Red Hat talks A LOT about content. We talk about creating it, serving it, indexing it and maintaining it. The list goes on. One aspect of content we’ve been focusing on a lot lately, and one I talked about in a previous post, is presentation. Even the best, most detailed and accurate content can still fail customers if it’s not presented well.
As a result of this insight, we’ve turned our collective eyes toward security content and its presentation in the...
Provisioning in PXE-less or DHCP-less environments is a common scenario in the enterprise, and Satellite 6 offered the Bootdisk plugin to solve this problem partially. The Satellite 6.1.5 feature erratum introduces PXE-less discovery, which is a great alternative with much broader hardware support.
Starting today, it is possible to boot provisioned hosts from the Discovery image directly as a CDROM/DVDROM ISO that can be also transferred to hard drive or USB stick. Since the Discovery image is based...
The Bootdisk plugin enables Satellite users to download Host based or Generic host images. These are small ISO images pre-loaded with SYSLINUX which chainloads iPXE. The iPXE firmware is able to load kernels via HTTP, but since there is no PXE (UNDI) involved, an iPXE driver for the network card must exist for this to work. Unfortunately, not all network cards are supported by iPXE, so on such hardware the host-based images cannot be used.
The Host image embeds the host's network settings (IP, gateway, netmask, DNS), therefore DHCP...
In April 2015 we took a look at a years worth of branded vulnerabilities, separating out those that mattered from those that didn’t. Six months have passed so let’s take this opportunity to update the report with the new vulnerabilities that mattered across all Red Hat products.
ABRT (April 2015) CVE-2015-3315:
ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report. ABRT was vulnerable to multiple race condition and...
Since 2009, Red Hat has provided details of vulnerabilities with CVE names as part of our mission to provide as much information around vulnerabilities that affect Red Hat products as possible. These CVE pages distill information from a variety of sources to provide an overview of each flaw, including information like a description of the flaw, CVSSv2 scores, impact, public dates, and any corresponding errata that corrected the flaw in Red Hat products.
Over time this has grown to include more...
We are pleased to announce that Red Hat Satellite version 6.1.1, released August 2015, now features integration with Puppet Enterprise. It’s available today on the Puppet Forge.
For customers with both Red Hat Satellite version 6.1.1 and Puppet Enterprise, this module will enable the availability of facts and Puppet agent run reports in both Puppet Enterprise and in Red Hat Satellite, preserving the health dashboards, inventory, and search capabilities of both products. More information and...
Here in the Red Hat Customer Portal we're always striving for the best possible customer experience. We constantly examine feedback, identify pain points, and test to make sure we're delivering on the subscription value that sets Red Hat apart from its competitors. We make enhancements continuously, but in this post I wanted to round up a few recent changes that hopefully improve your experience as a user of the Red Hat Customer Portal.
Knowledgebase content redesign - If you’re a regular...
Last week, Red Hat investigated an intrusion on the sites of both the Ceph community project (ceph.com) and Inktank (download.inktank.com), which were hosted on a computer system outside of Red Hat infrastructure.
download.inktank.com provided releases of the Red Hat Ceph product for Ubuntu and CentOS operating systems. Those product versions were signed with an Inktank signing key (id 5438C7019DCEEEAD). ceph.com provided the upstream packages for the Ceph community versions signed with a Ceph...