July 2021 - TuxCare

CentOS 6 ELS: CentOS 6 kernel v.2.6.32-754.35.7 with the fix for the CVE-2021-33909 gradual rollout completed

A new updated CentOS 6 kernel v.2.6.32-754.35.7 with the fix for CVE-2021-33909 within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.

Happy Sysadmin Day from TuxCare!

The last Friday of July is System Administrator Appreciation Day. It’s the one day when Sysadmins like you, who have been putting out users’ fires since 1946, should get a break. All year, you have been the heroes, silently guarding companies of all shapes and sizes, maintaining the five nines and tirelessly performing countless patching cycles. You’ve been responding to emergencies and cleaning up after your users’ mistakes. And you’ve been doing this day in, day out, often early in the morning, late at night and over the weekend, when your users have been off enjoying themselves.

CentOS 6 ELS: perl package with the fix for the CVE-2020-10878 gradual rollout

A new updated perl package within CentOS 6 ELS with the fix for CVE-2020-10878 has been scheduled for gradual rollout from our production repository.

OracleLinux 6 ELS: perl package with the fix for the CVE-2020-10878 released

A new updated perl package with the fix for CVE-2020-10878 within OracleLinux 6 ELS is now available for download from our production repository.

Testing CVE-2021-22922 and CVE-2021-22923 / Extended Lifecycle Support

Continuing our trend of testing all the CVEs that come out that may affect the Linux distributions covered by our Extended Lifecycle Support, the team went to work on CVE-2021-22922 and CVE-2021-22923.

These vulnerabilities affect curl, a piece of software that has been around for many years, is included as a component in many different applications and distributions, and is simply a great and useful data transfer tool. It supports many protocols, encryption mechanisms and architectures, and this versatility has even earned it the distinction of being used beyond planet Earth: it is part of the software stack in a Martian rover.

CentOS 6 ELS: CentOS 6 kernel v.2.6.32-754.35.7 with the fix for the CVE-2021-33909 gradual rollout

A new updated CentOS 6 kernel v.2.6.32-754.35.7 with the fix for CVE-2021-33909 within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.

Curl’s 20-year-old bug is resilient – back for another fix – CVE-2021-22925

Some weeks ago, CVE-2021-22898 was published. It affects curl/libcurl from version 7.7, dating from the 22nd of March 2001. It consisted of a flaw in the way a rarely used option, CURLOPT_TELNETOPTIONS, was parsed, which could lead to data exfiltration. At the time, a fix was produced and submitted to the curl/libcurl codebase, and the problem was dealt with. That is, until CVE-2021-22925 showed up on the 21st of July. Apparently, the initial fix for the previous vulnerability did not correctly address the issue, and so a new fix has been produced.

This issue affects curl versions 7.7 up to 7.77.0, which is roughly every curl version shipped by default in most Linux distributions over the previous 20 years, except for the most recent distribution versions that ship curl 7.78.0 (or higher).

TuxCare’s Extended Lifecycle Support team has prepared and has started to make available the new patch for all affected distributions, namely CloudLinux 6, CentOS 6, OracleLinux 6 and Ubuntu 16.04.
