  • CWE update

    In the past, Red Hat Product Security assigned weakness IDs (CWEs) only to vulnerabilities that met certain criteria; more precisely, only to vulnerabilities with a CVSS score higher than 7. Since the number of incoming vulnerabilities was high, this filtering allowed us to focus on the vulnerabilities that matter most. However, it also made our statistics incomplete, missing low and moderate vulnerabilities. In the previous year we started assigning weakness IDs to almost all vulnerabilities, greatly increasing...
    Posted 2015-03-11T14:30:24+00:00 - 0
  • Factoring RSA export keys - FREAK (CVE-2015-0204)

    This week's issue with OpenSSL export cipher suites has been discussed in the press as "FREAK" and "SMACK". It is addressed by CVE-2015-0204, and updates for affected Red Hat products were released in January. Historically, the United States and several other countries tried to control the export or use of strong cryptographic primitives. For example, any company that exported cryptographic products from the United States needed to comply with certain key size limits. For RSA encryption, the...
    Posted 2015-03-04T14:45:50+00:00 - 0
  • RHEV Manager History Database Size Calculator

    We're proud to introduce a new Red Hat Access Labs app: RHEV Manager History Database Size Calculator. The RHEV Manager History Database Size Calculator helps you estimate how much space and resources will be used by the Red Hat Enterprise Virtualization 3.5 manager history database. The estimate is based on the number of entities and the length of time needed to retain the history records. The following parameters are used to make the estimate: Number of individual entities, including: Data...
    Posted 2015-03-03T04:08:13+00:00 - 0
  • Common Criteria

    ATTENTION: This article has been superseded by the Red Hat Enterprise Linux Common Criteria FAQ located in the Knowledgebase. What is Common Criteria? Common Criteria (CC) is an international standard (ISO/IEC 15408) for certifying computer security software. Using Protection Profiles, computer systems can be secured to certain levels that meet requirements laid out by the Common Criteria. Established by governments, the Common Criteria treaty agreement has been signed by 26 countries, and...
    Posted 2015-02-25T14:30:56+00:00 - 1
  • Samba vulnerability (CVE-2015-0240)

    Samba is the most commonly used Windows interoperability suite of programs for Linux and Unix systems. It uses the SMB/CIFS protocol to provide secure, stable and fast file and print services. It can also seamlessly integrate with Active Directory environments and can function as a domain controller as well as a domain member (the legacy NT4-style domain controller is supported, but the Active Directory domain controller feature of Samba 4 is not supported yet). CVE-2015-0240 is a security...
    Posted 2015-02-23T11:56:16+00:00 - 0
  • Post Over at community.redhat.com

    Check out our week at FOSDEM and Config Management Camp at community.redhat.com
    Posted 2015-02-04T20:35:21+00:00 - 3
  • Life-cycle of a Security Vulnerability

    Security vulnerabilities, like most things, go through a life cycle from discovery to installation of a fix on an affected system. Red Hat devotes many hours a day to combing through code, researching vulnerabilities, working with the community, and testing fixes, often before customers even know a problem exists. Discovery: when a vulnerability is discovered, Red Hat engineers go to work verifying the vulnerability and rating it to determine its overall impact on a system. This is a most...
    Posted 2015-02-04T14:30:39+00:00 - 0
  • Security improvements in Red Hat Enterprise Linux 7

    Each new release of Red Hat® Enterprise Linux® is not only built on top of the previous version, but a large number of its components incorporate development from the Fedora distribution. For Red Hat Enterprise Linux 7, most components are aligned with Fedora 19, and with select components coming from Fedora 20. This means that users benefit from new development in Fedora, such as firewalld which is described below. While preparing the next release of Red Hat Enterprise Linux, we review...
    Posted 2015-01-28T14:30:34+00:00 - 0
  • Reactive Product Security at Red Hat

    The goal of Product Security at Red Hat is “to help protect customers from meaningful security concerns when using Red Hat products and services.” What does that really mean and how do we go about it? In this blog, we take a look at how Red Hat handles security vulnerabilities and what we do to reduce risk to our customers. In 2001, we founded a dedicated security team within Red Hat to handle product security. Back then, we really had just one product line, the Red Hat® Linux® distribution....
    Posted 2015-01-21T14:30:25+00:00 - 0
  • Deploying Red Hat Enterprise Linux Atomic Host with Red Hat Satellite 6

    With the ever-changing landscape in IT, many enterprise environments are looking for ways to reduce or eliminate downtime, improve security, reduce footprint, and achieve application portability. Red Hat Enterprise Linux Atomic Host provides a way to achieve these goals. In this blog we cover the steps needed to set up Satellite 6 to deploy RHEL Atomic Hosts within your environment. The Environment: the lab environment consists of a single Satellite 6 server running an integrated capsule...
    Posted 2015-01-13T14:06:06+00:00 - 17
  • Update on Red Hat Enterprise Linux 6 and FIPS 140 validations

    Red Hat achieved its latest successful FIPS 140 validation back in April 2013. Since then, a lot has happened. There have been well-publicized attacks on cryptographic protocols, weaknesses in implementations, and changing government requirements. With all of these issues in play, we want to explain what we are doing about it. One of the big changes was that we enabled support for Elliptic Curve Cryptography (ECC) and Elliptic Curve Diffie-Hellman (ECDH) in Red Hat Enterprise Linux to meet the...
    Posted 2015-01-12T14:30:06+00:00 - 0
  • Red Hat launches Red Hat Satellite 5.7

    We are proud to announce the availability of Red Hat Satellite 5.7, the last upgrade to Red Hat Satellite 5. Red Hat Satellite improves Red Hat Enterprise Linux environment management by increasing automation, and adding discipline, simplified administrative workflows and processes. With Red Hat Satellite, you can manage tens, hundreds, or even thousands of servers as easily as one. Red Hat Satellite 5.7 is the latest of the Red Hat Satellite 5 series and features several highlights, including...
    Posted 2015-01-09T20:19:50+00:00 - 0
  • Before you initiate a "docker pull"

    In addition to the general challenges inherent in isolating containers, Docker brings with it an entirely new attack surface in the form of its automated fetching and installation mechanism, "docker pull". It may be counter-intuitive, but "docker pull" both fetches and unpacks a container image in one step. There is no verification step and, surprisingly, malformed images can compromise a system even if the container itself is never run. Many of the CVEs issued against Docker have...
    Posted 2014-12-18T14:30:57+00:00 - 0
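The "docker pull" entry above makes two points a practitioner can act on: verify what you downloaded before you unpack it, and treat the archive itself as hostile, because a crafted image can write outside its destination during extraction even if no container ever starts. The following is an added example (not Red Hat's or Docker's code) of a verify-then-unpack routine for a single image layer tarball: it checks the layer's SHA-256 against an expected digest, then rejects any member whose path, symlink target or hard-link target would land outside the destination directory, before extracting anything. The tarballs it runs against are constructed in memory for the demonstration; the expected digest would in practice come from the image manifest.

```python
"""Verify-then-unpack for a container image layer tarball (added example)."""
import hashlib
import io
import os
import shutil
import tarfile
import tempfile


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def check_member(member, dest):
    """Return a reason to reject this tar member, or None if it is safe to extract into dest."""
    target = os.path.realpath(os.path.join(dest, member.name))
    if os.path.commonpath([dest, target]) != dest:
        return "path escapes destination"          # "../" traversal or absolute name
    if member.issym():
        link = os.path.realpath(os.path.join(os.path.dirname(target), member.linkname))
        if os.path.commonpath([dest, link]) != dest:
            return "symlink points outside destination"
    if member.islnk():                             # hard-link names are archive-relative
        link = os.path.realpath(os.path.join(dest, member.linkname))
        if os.path.commonpath([dest, link]) != dest:
            return "hard link points outside destination"
    if member.isdev():
        return "device node"
    return None


def safe_extract(tar_bytes, expected_sha256, dest):
    """Unpack a layer only after its digest matches and every member has been vetted."""
    if sha256_hex(tar_bytes) != expected_sha256:
        raise ValueError("digest mismatch, refusing to unpack")
    dest = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        members = tar.getmembers()
        for m in members:                          # vet everything before touching the disk
            problem = check_member(m, dest)
            if problem:
                raise ValueError(f"rejected {m.name!r}: {problem}")
        if hasattr(tarfile, "data_filter"):        # newer Pythons: add the stdlib filter as well
            tar.extractall(dest, members=members, filter="data")
        else:
            tar.extractall(dest, members=members)
    return [m.name for m in members]


def make_tar(entries):
    """Constructed layer tarball: (name, bytes) adds a file, (name, None, linkname) a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for entry in entries:
            info = tarfile.TarInfo(entry[0])
            if entry[1] is None:
                info.type = tarfile.SYMTYPE
                info.linkname = entry[2]
                tar.addfile(info)
            else:
                info.size = len(entry[1])
                tar.addfile(info, io.BytesIO(entry[1]))
    return buf.getvalue()


def run_demo():
    """Run one benign layer and three hostile ones through safe_extract; return the outcomes."""
    results = {}
    dest = tempfile.mkdtemp(prefix="layer-")
    try:
        good = make_tar([("etc/motd", b"hello from the image\n")])
        results["good"] = safe_extract(good, sha256_hex(good), dest)
        with open(os.path.join(dest, "etc", "motd"), "rb") as f:
            results["good_content"] = f.read()
        hostile = [
            ("traversal", make_tar([("../../escape.txt", b"x")]), None),
            ("symlink", make_tar([("etc", None, "/etc"), ("etc/passwd", b"root::0:0::/:/bin/sh\n")]), None),
            ("tampered", good, "0" * 64),          # right bytes, wrong digest
        ]
        for label, tar_bytes, digest in hostile:
            try:
                safe_extract(tar_bytes, digest or sha256_hex(tar_bytes), dest)
                results[label] = "accepted"
            except ValueError as e:
                results[label] = f"rejected: {e}"
    finally:
        shutil.rmtree(dest)
    return results


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, "->", v)
```

The order matters: the digest check runs over the raw bytes before the archive is even parsed, and every member is vetted before the first one is written, so a layer with one bad entry leaves nothing behind.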
  • Container Security: Isolation Heaven or Dependency Hell

    Docker is the public face of Linux containers and of two of Linux's unsung heroes: control groups (cgroups) and namespaces. Like virtualization, containers are appealing because they help solve two of the oldest problems to plague developers: "dependency hell" and "environmental hell." Closely related, dependency and environmental hell can best be thought of as the chief cause of "works for me" situations. Dependency hell simply describes the complexity inherent in modern applications' tangled...
    Posted 2014-12-17T14:30:37+00:00 - 0
  • Red Hat Satellite 6 Performance Tuning: OS and Web Performance

    Satellite 6 is the next generation Linux systems management tool and is the combined product of many open source projects, including Foreman, Katello, Pulp, Candlepin, and Puppet. Since all of these projects bring different features and functionality, the performance of your Satellite 6 server is essential. This post covers two simple ways to immediately improve performance for the Satellite 6 Server: - Changing your OS tuned profile - Adding an Apache KeepAlive directive to the web...
    Posted 2014-12-10T21:37:28+00:00 - 7
  • Analysis of the CVE-2013-6435 Flaw in RPM

    The RPM Package Manager (RPM) is a powerful command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. RPM was originally written in 1997 by Erik Troan and Marc Ewing. Since then RPM has been used in all versions of Red Hat Linux and is used today in Red Hat Enterprise Linux. RPM offers considerable advantages over the traditional open-source software installation method of building from source via tarballs,...
    Posted 2014-12-10T14:30:50+00:00 - 0
  • Disabling SSLv3 on the client and server

    Recently, some Internet search engines announced that they would prefer websites secured with encryption over those that were not. Of course, there are other reasons why securing your website with encryption is beneficial: protecting authentication credentials, mitigating the use of cookies as a means of tracking and of gaining access, providing privacy for your users, and authenticating your own server, thus protecting the information you are trying to convey to your users. And while setting up...
    Posted 2014-12-03T14:30:23+00:00 - 0
  • VNC Configurator

    We're proud to introduce a new Red Hat Access Labs app: VNC Configurator. Virtual Network Computing (VNC) is a common technology allowing remote desktop control of Red Hat Enterprise Linux systems. Although fully supported on all modern RHEL versions, it does not come installed by default. In order to use it, there are several steps involved in installation and configuration. This app helps guide you through the deployment process by asking a few questions, which will provide a script for...
    Posted 2014-12-01T09:18:26+00:00 - 3
  • Registration Assistant

    We're proud to introduce a new Red Hat Access Labs app: Registration Assistant. The Registration Assistant will guide you towards the best registration option for your Red Hat Enterprise Linux environment. Simply select the Red Hat Enterprise Linux Version and the subscription management technology you are using and the app will provide the appropriate commands to register your system. Some screenshots of the app are included below. Feel free to experiment with the app and let us know what...
    Posted 2014-11-12T21:12:57+00:00 - 0
  • Enterprise Linux 6.5 to 6.6 risk report

    Red Hat Enterprise Linux 6.6 was released on October 14, 2014, eleven months after the release of 6.5 in November 2013. So let's use this opportunity to take a quick look back over the vulnerabilities and security updates made in that time, specifically for Red Hat Enterprise Linux 6 Server. Red Hat Enterprise Linux 6 is in its fourth year since release, and will receive security updates until November 30th 2020. Errata count: the chart below illustrates the total number of security updates...
    Posted 2014-11-12T14:30:28+00:00 - 0
  • Can SSL 3.0 be fixed? An analysis of the POODLE attack.

    SSL and TLS are cryptographic protocols which allow users to securely communicate over the Internet. Their development history is no different from other standards on the Internet. Security flaws were found with older versions and other improvements were required as technology progressed (for example elliptic curve cryptography or ECC), which led to the creation of newer versions of the protocol. It is easier to write newer standards, and maybe even implement them in code, than to adapt...
    Posted 2014-10-20T14:27:34+00:00 - 0
  • POODLE - An SSL 3.0 Vulnerability (CVE-2014-3566)

    Red Hat Product Security has been made aware of a vulnerability in the SSL 3.0 protocol, which has been assigned CVE-2014-3566. All implementations of SSL 3.0 are affected. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. To mitigate this vulnerability, it is recommended that you explicitly disable SSL 3.0 in favor of TLS 1.1 or later in all affected packages. A brief history Transport Layer Security (TLS) and its...
    Posted 2014-10-15T14:44:40+00:00 - 0
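The POODLE advisory above, the "Disabling SSLv3" post and the FREAK post earlier on this page all come down to the same operational question: what does your server still accept when a client asks for it? CVE-2015-0204 itself is a client-side flaw (an OpenSSL client accepting an RSA export key in ServerKeyExchange even though it negotiated a non-export suite), but exploiting it requires a server that still has RSA export suites enabled, so the server-side check is whether such suites are accepted; for POODLE the check is whether an SSL 3.0 ClientHello is answered with an SSL 3.0 ServerHello. The following added example (not Red Hat's code) builds the two ClientHellos, parses the ServerHello or alert that comes back, and turns the pair of replies into findings. It works offline against constructed ServerHello records; `probe_host()` sends the same messages to a live server. Cipher suite numbers are the IANA registry values; the host name and port in `probe_host()` are whatever you point it at.

```python
"""Offline-testable TLS probe for the two server-side conditions behind
POODLE (SSL 3.0 accepted) and FREAK (RSA export suites accepted). Added example."""
import os
import socket
import struct

HANDSHAKE, ALERT = 0x16, 0x15
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
SSL3, TLS10, TLS12 = (3, 0), (3, 1), (3, 3)

# RSA key-exchange suites limited to 40-bit ciphers and 512-bit RSA export keys.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
# Ordinary suites (AES128-SHA, AES256-SHA) offered in the SSL 3.0 probe.
BASELINE_SUITES = [0x002F, 0x0035]


def build_client_hello(version, suites):
    """Minimal ClientHello (no extensions) wrapped in one TLS record."""
    body = struct.pack("!BB", *version) + os.urandom(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, version[0], version[1], len(handshake)) + handshake


def parse_server_hello(record):
    """Return (version, cipher_suite) from a ServerHello record, or None if the server sent an alert."""
    if len(record) < 5:
        raise ValueError("short TLS record")
    ctype, _maj, _min, length = struct.unpack("!BBBH", record[:5])
    payload = record[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated TLS record")
    if ctype == ALERT:
        return None                                # server refused the offered parameters
    if ctype != HANDSHAKE or payload[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    body = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    if len(body) < 35:
        raise ValueError("ServerHello too short")
    off = 35 + body[34]                            # skip version, random, session_id_len, session_id
    if len(body) < off + 3:
        raise ValueError("ServerHello too short")
    return (body[0], body[1]), struct.unpack("!H", body[off:off + 2])[0]


def assess(ssl3_reply, export_reply):
    """Turn the raw replies to the two probes into findings."""
    findings = []
    hello = parse_server_hello(ssl3_reply)
    if hello is not None and hello[0] == SSL3:
        findings.append("SSL 3.0 accepted: POODLE (CVE-2014-3566), disable SSLv3")
    hello = parse_server_hello(export_reply)
    if hello is not None and hello[1] in RSA_EXPORT_SUITES:
        findings.append("%s accepted: FREAK (CVE-2015-0204), remove EXPORT suites"
                        % RSA_EXPORT_SUITES[hello[1]])
    return findings


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def probe(host, port, version, suites, timeout=5.0):
    """Send one ClientHello to a live server and return the first record it sends back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(version, suites))
        header = recv_exact(s, 5)
        return header + recv_exact(s, struct.unpack("!H", header[3:5])[0])


def probe_host(host, port=443):
    return assess(probe(host, port, SSL3, BASELINE_SUITES),
                  probe(host, port, TLS10, list(RSA_EXPORT_SUITES)))


def make_server_hello(version, suite, session_id=b""):
    """Constructed ServerHello record standing in for a real server reply."""
    body = (struct.pack("!BB", *version) + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", suite) + b"\x00")
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, version[0], version[1], len(handshake)) + handshake


# Constructed alert: level fatal (2), description handshake_failure (40).
HANDSHAKE_FAILURE_ALERT = struct.pack("!BBBH", ALERT, 3, 1, 2) + b"\x02\x28"

if __name__ == "__main__":
    print(assess(make_server_hello(SSL3, 0x002F), make_server_hello(TLS10, 0x0003)))  # two findings
    print(assess(HANDSHAKE_FAILURE_ALERT, HANDSHAKE_FAILURE_ALERT))                    # []
```

A server that is in good shape answers both probes with a handshake_failure alert. Servers that negotiate several records in one flight may return the ServerHello together with Certificate and ServerKeyExchange; the probe reads only the first record, which is all the two checks need.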
  • The Source of Vulnerabilities, How Red Hat finds out about vulnerabilities.

    Red Hat Product Security tracks lots of data about every vulnerability affecting every Red Hat product. We make all this data available on our Measurement page and from time to time write various blog posts and reports about interesting metrics or trends. One metric we've not written about since 2009 is the source of the vulnerabilities we fix. We want to answer the question: how did Red Hat Product Security first hear about each vulnerability? Every vulnerability that affects a Red Hat...
    Posted 2014-10-08T13:30:48+00:00 - 0
  • Satellite 6.0 Discovery Plugin

    Satellite 6.0 features automatic bare-metal discovery, implemented as a PXE-booted live image of a minimized Red Hat Enterprise Linux that runs from memory. Once Satellite 6.0 is configured to boot the discovery image for all unknown hosts, new nodes call home during boot and wait until they are provisioned. Installation and Setup: before we start setting up the plugin and the image, verify the following prerequisites are met: Satellite 6.0.5 with bare-metal provisioning set up...
    Posted 2014-10-02T14:15:13+00:00 - 9
  • Frequently Asked Questions about the Shellshock Bash flaws

    The recent few days have been hectic for everyone who works in the Linux/Unix world. Bash security flaws have rocked the globe leaving people confused, worried, or just frustrated. Now that the storm is over and patches are available for most operating systems, here are the answers to some of the common questions we've been asked: Why are there four CVE assignments? The original flaw in Bash was assigned CVE-2014-6271. Shortly after that issue went public a researcher found a similar flaw that...
    Posted 2014-09-26T11:50:33+00:00 - 0