ClickCease Monthly KernelCare Update - March 2021 - TuxCare

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Monthly KernelCare Update – March 2021

April 2, 2021 - TuxCare expert team

Monthly KernelCare blog

In this month’s update, we highlight CVEs that just won’t die. We’ve also published some critical information regarding live patching the Microsoft Azure IoT Hub with KernelCare IoT integrations. Additionally, we know many still love their old, unsupported distros. The KernelCare team presents an in-depth checklist on how to upgrade an unsupported OS. Keep reading for more details or watch a quick video recap.
.

{% video_player “embed_player” overrideable=False, type=’scriptV4′, hide_playlist=True, viral_sharing=False, embed_button=False, autoplay=False, hidden_controls=False, loop=False, muted=False, full_width=True, width=’1920′, height=’1080′, player_id=’44341854981′, style=” %}

 


Old and New Exploits Abound!

 

March was a busy month for CVE research and identification. Turns out Spectre is still a threat, and three new Zombie Kernel Bugs were identified. Not to mention the relisting of the Mmap Kernel Vulnerability. For in-depth analyses, check out the links below.

 

Mmap Kernel Vulnerability is Relisted

Three More Zombie Kernel Bugs Prove Why You Must Patch Consistently

Thought Spectre is history? It’s still alive, and Kicking

Two more vulnerabilities uncovered in OpenSSL


Extended Lifecycle Support service providing updated OpenSSL to address CVE-2021-23841

A maliciously created X509 certificate with specially crafted Issuer and Serial Numbers fields can potentially cause OpenSSL failure that in turn spits out a NULL value. This can cause a crash from the application calling the function. OpenSSL does not call functions; only the third-party application is at risk of the exploit. Head over to the blog and find out what KernelCare is doing to alleviate this persistent threat.


KernelCare IoT Azure

The IoT and industrial control systems (ICS) are revolutionizing how industries automate by offering low power and low-cost computing. This comes with a price. ICS devices running on the IoT can be a management and security nightmare. Microsoft has stepped in to offer the Azure IoT Hub helps organizations catalog, manage, and integrate large fleets of IoT devices. In closing a service gap, we are excited to announce that KernelCare for IoT fully integrates with Device Update for the Azure IoT Hub from Microsoft. Find out more here.


Last but Not Least—AlmaLinux

Just in case you missed it, we released AlmaLinux OS, a new community-driven distro on 30 March to much fanfare. You can install KernelCare on the AlmaLinux OS for security fixes with no downtime. Always available and always secure.

Get a FREE 7-Day Supported Trial of KernelCare 

 

Do not forget to check out previous KernelCare updates:

Monthly KernelCare Update – August 2020

Monthly KernelCare Update – September 2020

Monthly KernelCare Update – October 2020

Monthly KernelCare Update – November 2020

Monthly KernelCare Update – December 2020

Monthly KernelCare Update – January 2021

Monthly KernelCare Update – February 2021

 

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

Strategies for Managing End-of-Life Operating...

End-of-life software is just a fact of our fast-paced technology...

January 30, 2023

Think You Can’t Afford Consistent...

Look, everyone knows that it’s a tough act. Thousands of...

January 17, 2023

Common Government Cybersecurity Standards –...

The public sector, including state and federal agencies, are at...

January 16, 2023

Which Linux Distro is Best...

If your organization deploys IoT solutions, you know that development...

December 1, 2022

The Bugs Behind the Vulnerabilities...

We continue to look at the code issues that cause...

November 14, 2022

Cybersecurity insurance and fine print:...

Catastrophic risks such as natural disasters and indeed cyberattacks require...

June 29, 2022