Fedora Security Team
Vulnerabilities in software happen. When they get fixed it's up to the packager to make those fixes available to the systems using the software. Duplicating much of the response effort that Red Hat Product Security performs for Red Hat products, the Fedora Security Team (FST) has recently been created to help packagers get vulnerability fixes downstream in a timely manner. At the beginning of July, there were over 500 vulnerability tickets open* against Fedora and EPEL. Many of these...

Towards efficient security code audits
Conducting a code review is often a daunting task, especially when the goal is to find security flaws. They can be, and usually are, hidden in all parts and levels of the application: from the lowest-level coding errors, through unsafe coding constructs and misuse of APIs, to the overall architecture of the application. The size and quality of the codebase, the quality of (hopefully) existing documentation and time restrictions are the main complications of the review. It is therefore useful to have a plan...

Explore certified partner solutions with the new Red Hat Certification Catalog
Today, we are excited to announce the addition of a new Red Hat Certification Catalog to the numerous resources within the Customer Portal. Red Hat collaborates with hundreds of companies that develop hardware, devices, plug-ins, software applications, and services that are tested, supported, and certified to run on Red Hat technologies. Empowered with the new Red Hat Certification Catalog, you can explore a wide variety of partner solutions to: Ensure your Red Hat solution is running on...

Red Hat Customer Portal Wins Association of Support Professionals Award
We're excited to announce that for the fourth consecutive year, the Red Hat Customer Portal has been named one of the industry's "Ten Best Web Support Sites" by the Association of Support Professionals (ASP). ASP is an international membership organization for customer support managers and professionals. The "Ten Best Web Support Sites" competition is an awards program that showcases excellence in online service and support, and this year we were honored alongside other technology industry...

Network Bonding Helper
We're proud to introduce a new Red Hat Access Labs app: Network Bonding Helper. Red Hat Enterprise Linux allows administrators to bind network interface controllers (NICs) together into a single channel using the bonding kernel module and a special network interface known as a bonding (or channel bonding) interface. Bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy. This app is designed to help you configure bonding...

Kernel Oops Analyzer
We're proud to introduce a new Red Hat Access Labs app: Kernel Oops Analyzer. This tool is designed to help you diagnose a kernel crash. When you input text or a file including one or more kernel oops messages, we will walk you through diagnosing the kernel crash issue. To use this app, copy and paste text or choose a file including kernel oops messages and click the Detect button. All kernel messages will be extracted and shown on the right side of the page. If only one kernel oops message...

OpenSSL Privilege Separation Analysis
As part of the security response process, Red Hat Product Security looks at the information that we obtain in order to align future endeavors, such as source code auditing, to where problems occur, in an attempt to prevent repeats of previous issues. Private key isolation: When Heartbleed was first announced, a patch was proposed to store private keys in isolated memory, surrounded by an unreadable page. The idea was that the process would crash due to a segmentation violation before the...

Red Hat Enterprise Linux 7 is here: new improvements to downloads, product page, and documentation
With the upcoming release of Red Hat Enterprise Linux 7 on Tuesday June 10th, we've improved several things for our customers to provide the best experience yet. Two new ways to download a product: a product page download section, and a revamped downloads area. A refined getting started guide, using icons to help prep and set expectations for a basic deployment of RHEL 7. Curated content for user tasks to help customers accomplish their most important tasks. A redesigned look and feel to the docs...

Introducing comments for documentation
We're excited to announce the new ability to comment on new documentation within the Customer Portal. This is live and available today and we'll begin to roll this out for future documentation releases as well. For an example see the Red Hat Enterprise Linux 7 Release Notes. Several months ago we introduced a survey for our documentation to gather feedback from the people who use it the most. With this most recent release we wanted to take that a step further, as we felt it was really...

Defeating memory comparison timing oracles
The standard C function for comparing two byte strings of the same length, memcmp, can be implemented naïvely as follows: for each byte position in the two strings, load the byte at that position from both strings and compare their values; if they are not equal, return some value matching the sign of their difference (as unsigned bytes). If no differing bytes are discovered, return 0. From time to time, there are reports that this implementation results in a timing oracle...

SSL/TLS Everywhere – visions of a secure OpenStack
As most people familiar with OpenStack are already aware, it is made up of many software components that are typically deployed in a distributed manner. The more scalable an OpenStack deployment is, the more distributed the underlying components are, as the infrastructure is usually scaled out horizontally on commodity hardware. As a consequence of this distributed architecture, there are many communication channels used between all of the software components. We have users communicating...

At the Summit? Visit the Customer Experience Booth!
At the Summit? Stop by the Customer Experience booth and do the following: talk to Red Hat Support Engineers about your technical issues, upcoming products, or anything else you can think of; enter our tech challenge for a chance to win a pair of Bose QC-15 noise canceling headphones. Interested in further details? Swing by the booth! Not sure where our booth is? From the main entry point to the Moscone Center South on Howard Street, simply walk in and, instead of getting on the escalators,...

Moscone Center Gearing up for Red Hat Summit!
Sitting here at the Moscone Center in San Francisco, one can sense a palpable excitement for the upcoming Red Hat Summit! Keynotes begin tonight and the customer experience booth opens at 5pm. Come on by and take our skills test to see how you do. Not in San Francisco? Don't worry, head on over to http://www.redhat.com/summit/ and live stream the keynotes tonight starting at 6:30pm PDT / 9:30pm EDT / 1:30am UTC. Too late in the evening for you? The keynotes will be recorded and those are...

New Red Hat Enterprise Linux 7 Security Feature: systemd-journald
A lot has already been written about systemd-journald. For example, this article describes the security benefits of the journal. I would argue that systemd-journal is not a full replacement for syslog. The syslog format is ubiquitous, and I don't see it going away. On all Red Hat Enterprise Linux 7 machines, syslog will still be on by default. This is because it's still the de facto mechanism for centralizing your logging data, and most tools that analyze log data read syslog data. The journald...

New Red Hat Enterprise Linux 7 Security Feature: systemd Starting Daemons
Why is this a security feature? In previous releases of Red Hat Enterprise Linux, system daemons would be started in one of two ways: at boot, init (sysV) launches an initrc script and then this script launches the daemon; or an admin logs in and launches the init script by hand, causing the daemon to run. Let me show you what this means from an SELinux point of view. NOTE: In the code below, @ means execute, --> indicates a transition, and === indicates a client/server communication. The...

Changes to the Customer Portal
The latest release of the Customer Portal offers a few new changes with regard to content and our navigational layout that we're really excited about. We recently introduced new product pages that serve as centralized locations for you to find all available resources in relation to a product. These pages offer direct access to our knowledge, documentation, videos, discussions, and more. We're happy to announce that we now offer pages for all of Red Hat's currently supported products. We've...

KDump Helper
We're proud to introduce a new Red Hat Access Labs app: KDump Helper. KDump is a reliable kernel crash-dumping mechanism that captures crash dumps for troubleshooting issues like kernel crashes, hangs, and reboots. Setting up KDump usually requires a series of steps and configurations. We developed the KDump Helper app to simplify the process and reduce the effort required to set KDump up on your machines. Input a minimum amount of information and this app will generate an all-in-one script for...

Welcome to the New Customer Portal Blogs!
With this latest site release for the Red Hat Customer Portal, we're adding a new blog feature that we're very excited about. These blogs give us the ability to provide a unique channel of information and interaction to you, our customers. You'll have the opportunity to stay up to date on our various products and services, and we encourage you to share your ideas and suggestions with our various Red Hat contributors. The initial set of Customer Portal blogs covers areas such as security,...

The Right Performance Tool for the Task
As an engineer who works on performance tools at Red Hat, I often get seemingly simple questions along the lines of, "How do I get performance tool X to collect Y data?" Unfortunately, many times the answer is that "tool X does not measure Y." This leads to a discussion about the performance problem being investigated. With additional background information, it becomes much easier to suggest more promising tools and techniques to get the desired measurements. Given the number of performance...

Determining Whether an Application Has Poor Cache Performance
Modern computer systems include cache memory to hide the higher latency and lower bandwidth of RAM from the processor. The cache has access latencies ranging from a few processor cycles to 10 or 20 cycles, rather than the hundreds of cycles needed to access RAM. If the processor must frequently obtain data from RAM rather than the cache, performance will suffer. With Red Hat Enterprise Linux 6 and later distributions, the system's use of cache can be measured with the perf utility...

Examining Huge Pages or Transparent Huge Pages Performance
All modern processors use page-based mechanisms to translate user-space processes' virtual addresses into physical addresses for RAM. The pages are commonly 4KB in size, and the processor can hold a limited number of virtual-to-physical address mappings in the Translation Lookaside Buffers (TLB). The number of TLB entries ranges from tens to hundreds of mappings. This limits a processor to a few megabytes of memory it can address without changing the TLB entries. When a virtual-to-physical...

Introducing Red Hat Access Labs!
We are thrilled to announce Red Hat Access Labs! Red Hat Access Labs is a new way for Red Hat engineers to deliver tools to help improve performance, quickly troubleshoot issues, identify security problems, or assist with any other issue we see our customers experiencing in their IT environments. Go to the Access Labs landing page to check out the five applications we've launched so far. Here's the inaugural group: SCSI Decoder: Quickly detect, decode, and resolve SCSI error messages...

Security audits through reimplementation
For many networking protocols and file formats, multiple implementations exist which interoperate with each other. A new implementation of a protocol or format diverges from previous implementations in subtle ways, at least initially. Such differences can uncover previously unnoticed corner cases which are not handled properly, and sometimes reveal security vulnerabilities. For example, in the mid-90s, it was discovered that Samba's SMB client, smbclient, did not restrict user name length in the same way...

CWE Vulnerability Assessment Report 2013
Common Weakness Enumeration (CWE) is a list or dictionary of common software weaknesses. Red Hat has adopted CWE as a common language for describing and classifying vulnerabilities, used as a base for the evaluation and prevention of weaknesses. Results of classifications are reviewed periodically and are used to direct our efforts in strengthening the security of development practices, tools, assessment services, education programs and documentation. As a part of this effort the Red Hat Customer Portal...

Securing Openstack's Dashboard using Django-Secure
When it comes to security it is an unfortunate reality that technologies are rarely straightforward to use or easy to deploy. So it is quite refreshing to find something that breaks that mould. There is a fantastic project called django-secure which I believe does just this. The idea is to provide a way to enforce secure defaults for django projects. It achieves this in two key ways. The first is a deployment check that you can run as a part of the typical django-admin manage.py workflow, the...