October 2020 - Page 2 of 2 - TuxCare

KernelCare+ Beta Has Completed – Purchase The Production Version

No downtime or non-compliant? That is the question for companies that do not use automated patch services. There is no middle ground when it comes to the security of your clients and the well-being of your business. Especially now, when live patching is available not only for Linux kernels but also for Glibc and OpenSSL. KernelCare+ patches shared Glibc and OpenSSL libraries without service restarts or server reboots — and it has already been tested!

How to Try or Purchase KernelCare+ (2 Different Ways)

Since the beginning of KernelCare+ Beta testing, we’ve been working hard on the automation of the trial and purchase of live patching for shared libraries. Today, we are glad to announce the availability of KernelCare+ Trial and Purchase functionality in CloudLinux Network (CLN). Now you can try KernelCare+ for 7 days and purchase it instantly, through your CLN account.

Linux Kernel Vulnerabilities to Know (and Mitigate Without Reboot)

With the Linux open-source community, you have the power of developers adding to its codebase, improving features and performance. The downside to this approach is that hackers also have access to the source code, and any vulnerabilities that they find can be used against Linux-based devices, including critical servers. Known vulnerabilities are reported to a centralized NIST vulnerability database, where vendors, developers, and users can learn about exploits that affect specific software versions. A Common Vulnerabilities and Exposures (CVE) report is your cue to patch software, including the Linux kernel, when an issue is found. Note: Not every Linux patch gets a CVE, but you can stay up to date with the latest updates on kernel.org.

Rebootless patches for RHSA-2020:3861 are on the way

Last year, a vulnerability, CVE-2019-19126, was discovered in glibc: the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force the system to utilize only half of the memory (making the system think the software is 32-bit only), thus reducing the amount of memory available to address space layout randomization (ASLR). This week, an update for glibc became available for Red Hat Enterprise Linux 7. But for the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted. We are currently preparing rebootless patches, which will be ready for distribution next week.
