Monthly TuxCare Update – May 2021
The Enterprise Linux industry has become more complex to maintain, which raises the need for a trusted partner for Linux maintenance. In this monthly overview you will find a round-up of the latest CVEs patched by the TuxCare Team. Also, carry on reading for details of what TuxCare offers you, our newly introduced live patching services and how these match the growth of your organization.
Content:
1. CVEs disclosed in May
2. How to Run Multiple End-of-Life Distributions in Your Infrastructure and Remain Secure
3. Live Patching Services for Enterprise Linux: What’s New & How You May Benefit From It
4. Linux Support Services: Available for AlmaLinux OS 8 and other popular Enterprise Linux distributions
5. TuxCare Blog: Editor’s Pick
CVEs disclosed in May
Our main goal is to help clients avoid security breaches. To achieve this, the TuxCare Extended Lifecycle Support team tracks and tests vulnerabilities across the packages it maintains.
- CVE-2021-23017 is a one-byte memory overwrite in the nginx resolver while it processes DNS responses. It affects nginx 0.6.18 through 1.20.0, which includes the builds bundled with distributions already past their End-of-Life, and it is only reachable when the resolver directive is configured. An attacker able to forge UDP replies from the configured DNS server can crash a worker process or potentially achieve further impact. TuxCare patches were released on the same day the vulnerability was disclosed.
- CVE-2021-22898 (uninitialised stack contents sent during TELNET option negotiation) and CVE-2021-22901 (use-after-free in TLS session caching) both affect libcurl. During our testing we found that neither affects the libcurl builds shipped by the Linux distributions covered by our services.
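A quick way to triage the nginx issue on your own hosts, as an added example that is not TuxCare's tooling: the script below decides whether an nginx version string falls in the affected range 0.6.18 to 1.20.0 and whether any uncommented resolver directive exists under the configuration directory, since without that directive the vulnerable code path is never reached. The configuration path /etc/nginx and the sample configuration files it builds are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not TuxCare's code): triage of CVE-2021-23017 exposure on a host.
# Affected upstream range per the nginx advisory: 0.6.18 <= version <= 1.20.0.

# Return 0 when $1 (e.g. "1.18.0" or "1.18.0 (Ubuntu)") is in the affected range.
# Distribution suffixes after the patch number are ignored.
nginx_version_affected() {
    v="$1"
    major="${v%%.*}"
    rest="${v#*.}"
    minor="${rest%%.*}"
    case "$rest" in
        *.*) patch="${rest#*.}" ;;
        *)   patch=0 ;;
    esac
    patch="${patch%%[!0-9]*}"          # strip "-0ubuntu1", " (Ubuntu)", etc.
    case "$major$minor$patch" in
        ''|*[!0-9]*) return 2 ;;       # unparsable version string
    esac
    n=$((major * 1000000 + minor * 1000 + patch))
    [ "$n" -ge 6018 ] && [ "$n" -le 1020000 ]
}

# Return 0 when any file under $1 (directory or single file) contains an
# uncommented "resolver" directive; this is the precondition for exposure.
nginx_config_uses_resolver() {
    grep -rqE '^[[:space:]]*resolver[[:space:]]' "$1" 2>/dev/null
}

# Combine both checks. Prints one of:
#   unaffected  - version is outside 0.6.18-1.20.0
#   exposed     - affected version and the resolver directive is in use
#   not-exposed - affected version but the resolver code path is not configured
nginx_cve_2021_23017_status() {
    if ! nginx_version_affected "$1"; then
        echo unaffected
    elif nginx_config_uses_resolver "$2"; then
        echo exposed
    else
        echo not-exposed
    fi
}

# Live check of this host; skipped when nginx is not installed.
# "nginx -v" prints "nginx version: nginx/1.18.0 (Ubuntu)" on stderr.
if command -v nginx >/dev/null 2>&1; then
    ver=$(nginx -v 2>&1 | sed -n 's#^nginx version: nginx/##p')
    echo "nginx $ver: $(nginx_cve_2021_23017_status "$ver" /etc/nginx)"
fi
```

The version check is deliberately conservative: a distribution or live-patched build that backported the fix keeps its old version number and will still be reported as affected, so treat "exposed" as a prompt to confirm against the package changelog (for example `rpm -q --changelog nginx | grep CVE-2021-23017` on RPM systems) rather than as proof of a vulnerable binary.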
How to Run Multiple End-of-Life Distributions in Your Infrastructure and Remain Secure
The nginx vulnerability mentioned above is just another example of what it means to run a Linux distribution no longer supported by its vendor: new CVEs keep arriving, but vendor fixes do not. At the same time, running such a distribution may be a necessary part of your migration plan, during which your systems must remain protected.
TuxCare Extended Lifecycle Support services include updates and security patches for all operating system packages. They do not require changes to your currently running infrastructure, are affordably priced and do not require a mandatory annual subscription before you start using the service. The service is available for CentOS 6, Oracle Linux 6 and Ubuntu 16.04, with support for Debian to be released soon.
Live Patching Services for Enterprise Linux: What’s New & How You May Benefit From It
To support the requirements that larger organizations have for patching EVERY Linux system securely, we took our KernelCare Enterprise as the basis of the service and added:
- ePortal server
- Integration with popular vulnerability and automation scanners
Additionally, you can now include:
- Live patching of shared libraries, so that a vulnerability in a library such as OpenSSL (as with Heartbleed) can be fixed without restarting every process that has it loaded
- Live patching of IoT devices for Enterprise IoT users and Original Equipment Manufacturers
- QEMU virtualization live patching for companies with QEMU-based virtualization systems
- Database Backend live patching for securing your data and protecting your systems from crypto-miners
To familiarise yourself with any of the TuxCare Live Patching Services, you can apply for a free proof of concept and see how it can help your organization avoid security breaches.
Linux Support Services: Available for AlmaLinux OS 8 and other popular Enterprise Linux distributions
How can we maintain all of these distros, and what makes us experts at this? The company started 11 years ago with an RHEL fork and has been supporting systems that must be continuously updated ever since. Every support request is answered by a TuxCare architect, each with 10+ years of experience in enterprise infrastructure maintenance.
The TuxCare team is not just another OS vendor. We go beyond bug fixes and updates to help solve security, interoperability and connectivity issues of the open-source software in enterprise solutions.
TuxCare Blog: Editor’s Pick
- The 2021 Deep Dive To Linux Kernel Update
- The Risks of Running End-Of-Life OS – And How To Manage Them
- Why improving SecOps Can Save You Money
- Open Source Code is Public, But Are The Right People Looking At It?
Regarding the last article, check out the discussion between Jay from LearnLinuxTV and TuxCare Evangelist Joao Correia on how the University of Minnesota got open source wrong, plus the strengths and weaknesses of open source in general.