Welcome to the December installment of our monthly news round-up, brought to you by TuxCare. We’re proud to be the Enterprise Linux industry’s trusted maintenance services provider. Our live patching solutions minimize your maintenance workload and system disruption while at the same time maximizing security and system uptime.
A new updated vim package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.
A new updated binutils package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.
GNU Binutils is one of the fundamental packages in a development environment – it includes several different tools for manipulating ELF files, object files, and others that are important in the binary creation process. So finding and fixing issues in it strengthens the whole process and has far-reaching benefits.
In the latest batch of updates released by the Extended Lifecycle Support team for the supported Linux distributions, over 90 CVEs were fixed in GNU Binutils.
While backporting fixes for the binutils package for older Linux distributions covered by Extended Lifecycle Support, the team identified a vulnerability in the way CVE-2018-12699 was originally addressed. This new vulnerability allows memory corruption and denial of service under specific conditions in binutils functionality that is, in turn, used by multiple other packages.
The original vulnerability had a 9.8 CVSS (v3) score, and the newly identified vulnerability has been assigned a 7.5 CVSS (v3) score. The latest update of binutils available for service subscribers already includes a proper fix for the underlying issue, and the code was fixed in the upstream open source project after our report.
A new updated exim package within Ubuntu 16.04 ELS is now available for download from our production repository.
We are pleased to announce that a new updated ePortal version 1.29-1 is now available.
A new updated nss package within CentOS 6 ELS has been rolled out to 100% and is now available for download from our production repository.
If you ask a sysadmin what annoys him or her the most about their job, chances are pretty high that you’ll get, in no particular order, answers like “users”, “faulty updates”, or “calls on a Friday afternoon”. Some will also give you random answers like “after hours’ work” or “having their systems breached”.
Having a ransomware incident on your production servers will tick almost all the boxes. Systems will be down, your users (or customers) will complain, and you’ll have to spend an inordinate amount of time getting everything back in working order.
Now picture this happening in December, and the procedures to get things back in working order taking an expected three weeks. Christmas spirit will be sorely missing.
A new updated binutils package within OracleLinux OS 6 ELS is now available for download from our production repository.