We are a trusted partner to the Enterprise Linux industry when it comes to delivering maintenance services. Our goal is to improve the manageability of system administration. In this monthly overview, you will find a round-up of the latest CVEs patched by the TuxCare Team. Also, carry on reading for details of the latest updates to our TuxCare service and lots of helpful advice.
The big news this month was the discovery of a vulnerability in the code for the curl function that’s been in existence for over twenty years. CVE-2021-22922, CVE-2021-22923 and CVE-2021-22925 are related to a process that could allow a download link to be replaced, undetected, with a pointer to malicious content. The last of these CVEs arose because the fix for a previous CVE did not resolve the problem. Luckily for our clients, our Extended Lifecycle Support Services have produced and distributed live patches for all these CVEs.
In other CVE news, a kernel vulnerability was identified in the Linux filesystem layer. CVE-2021-33909 affects code that’s seven years old and, if exploited, could allow an attacker to escalate privileges and employ lateral movement techniques to compromise systems. Our KernelCare Enterprise Live Patching Service has produced and distributed a live patch for this CVE.
SINGLE SIGN-ON IS HERE
The TuxCare Team is continually looking to improve its services and respond to our clients’ requests for new functions and features. To this end, we are delighted to announce the roll-out of single sign-on support for ePortal authentication that follows the OAuth 2.0 standard. This feature is therefore fully compatible out-of-the-box with popular authentication providers like Google, Okta and others. This improvement to usability and security follows feedback from our clients on new functions they would like to see implemented. We’re always happy to receive such suggestions and add them to our service’s impressive feature list whenever we can.
TUXCARE ON YOUTUBE
The other big news is the launch of a brand new, bi-weekly podcast that discusses all things Linux security, co-hosted by Learn Linux TV’s Jay LaCroix and TuxCare’s very own Joao Correia. This forty-five-minute exploration of Linux security issues is essential listening for anyone involved in managing Linux-based enterprise systems. You can watch the first episode here on YouTube.
SYSADMIN APPRECIATION DAY
Finally, if you’ve been paying attention to our previous blogs, you will know that the 30th of July was Sysadmin day. In honour of this day of appreciation for Sysadmins everywhere, Jay LaCroix and Joao Correia were joined by Brian Osborn from Admin Magazine in an excellent and entertaining panel discussion. You can watch the video here on YouTube.