December 2021 - TuxCare

Monthly TuxCare Update – December 2021

Welcome to the December installment of our monthly news round-up, brought to you by TuxCare. We’re proud to be the Enterprise Linux industry’s trusted maintenance services provider. Our live patching solutions minimize your maintenance workload and system disruption while at the same time maximizing security and system uptime.

Extended Lifecycle Support update for binutils covers 92 CVEs

GNU Binutils is one of the fundamental packages in a development environment – it includes several different tools for manipulating ELF files, object files, and others that are important in the binary creation process. So finding and fixing issues in it strengthens the whole process and has far-reaching benefits.

In the latest batch of updates released by the Extended Lifecycle Support team for the supported Linux distributions, over 90 CVEs were fixed in GNU Binutils.

CVE-2021-45078 identified by TuxCare’s Extended Lifecycle Support Team

While backporting fixes for the binutils package for older Linux distributions covered by Extended Lifecycle Support, the team identified a vulnerability in the way CVE-2018-12699 was originally addressed. This new vulnerability allows for memory corruption and denial of service under specific conditions in binutils functionality that is, in turn, used by multiple other packages.

The original vulnerability had a 9.8 CVSS (v3) score, and the newly identified vulnerability has been assigned a 7.5 CVSS (v3) score. The latest update of binutils available for service subscribers already includes a proper fix for the underlying issue, and the code was fixed in the upstream open source project after our report.

How Ransomware can ruin Christmas for IT Teams

If you ask a sysadmin what annoys him or her the most about their job, chances are pretty high that you’ll get, in no particular order, answers like “users”, “faulty updates”, or “calls on a Friday afternoon”. Some will also give you random answers like “after hours’ work” or “having their systems breached”. 

Having a ransomware incident on your production servers will tick almost all the boxes. Systems will be down, your users (or customers) will complain, and you’ll have to spend an inordinate amount of time getting everything back in working order. 

Now picture this happening in December, and the procedures to get things back in working order taking an expected three weeks. Christmas spirit will be sorely missing.
