January 2022 - TuxCare

Using CentOS 8 and worried about LUKS? Here’s how TuxCare can help

Death, taxes, and new CVEs… those are all things we can be very certain about in life. For users of CentOS 8, the inevitable has now happened: a new CVE was reported covering a serious vulnerability that affects a broad group of users. Because CentOS 8 has reached end of life (EOL), its users won’t get access to an official patch.

If you’re on CentOS 8 right now you’re in a tight spot. You can’t continue to run an unsecured, non-compliant workload indefinitely – particularly when such a major vulnerability has been identified. Nor can you rush your migration, because that could have disastrous consequences of its own.

In this article we outline what the latest LUKS vulnerability is, why it poses such a significant danger – and explain how TuxCare’s live patching service can help tide you over until you’re ready to migrate.


CentOS 8: Why extended support is better than rushed migration

Still using CentOS 8 even though it’s now unsupported, and in spite of the obvious risks? Well, in a way it’s understandable. Red Hat took everyone by surprise when it cut the official support window for CentOS 8 from ten years to two years, leaving you with just a year’s notice that the OS is going end of life.

A year sounds like a long time, but it flies by in the life of a busy sysadmin – and it’s not a particularly long period of time to test system migration. But if the recently discovered LUKS bug pushed you into action, we want to use this article to tell you to stop and wait. A rushed, ill-considered migration can be catastrophic.

Read on to see what you should think about before you migrate, and why extended lifecycle support may well be a better option than rushing through a migration process.


PwnKit, or how 12-year-old code can give root to unprivileged users

It looks like IT teams have no respite. Following all the hassles caused by log4j (and its variants), there is a new high profile, high-risk vulnerability making the rounds. CVE-2021-4034, or PwnKit if you’re into fancy CVE nicknames, is a polkit vulnerability that lets unprivileged users gain root privileges on basically any Linux system out there that has polkit installed.

TuxCare’s Extended Lifecycle Support team is preparing patches for all supported distributions, and they will be available for deployment soon. This post will be updated to reflect the actual availability for each distribution as it happens.

[NOTE: Patches are now available for CentOS 6, Oracle 6, CL6, Ubuntu 16, and CentOS 8.4. More to follow. You can track actual distribution support through the CVE dashboard here: https://cve.tuxcare.com/cve/CVE-2021-4034.]


When migrating to CentOS Stream makes sense (and when it does not)

Just over a year ago Red Hat announced that the company is changing gears on CentOS, dropping support for the stable release of CentOS that’s so universally popular, while continuing to drive development of CentOS Stream.

At the time of announcing this change, Red Hat appeared to suggest that many workloads could migrate seamlessly from CentOS 7 or 8 to CentOS Stream, and that the change in approach was broadly beneficial, including for the ongoing development of enterprise Linux.

The community backlash was firm. Most CentOS users considered it a drastic step that disrupted established IT plans, particularly given that a promised CentOS 8 support window was radically cut by several years.

Yet, in many ways, CentOS Stream is still CentOS, a binary-compatible RHEL clone. But a single difference – the fact that CentOS Stream is updated more frequently, at weekly intervals rather than every six months – has important implications for many workloads, if not all of them.

Red Hat is not entirely wrong when it says CentOS Stream could be a replacement for CentOS 8. That said, for many users, this single change makes CentOS Stream unviable. So, can you switch from CentOS 8 to Stream without fuss? And under which circumstances is it simply not an option? Read on to find out.
