Monthly TuxCare Update – November 2021

December 1, 2021 - TuxCare PR Team

Welcome to the November installment of our monthly news round-up, bought to you by TuxCare. We are the Enterprise Linux industry’s trusted maintenance services provider. We have developed live patching solutions that minimize maintenance workload and disruption while at the same time maximizing security and system uptime.

In this latest monthly overview, we’ll begin as usual with a round-up of the latest CVEs that the TuxCare Team has patched for you. We’ll also bring you the latest news, advice, and valuable tips.

Content:

1. CVEs Disclosed in November
2. Enterprise Linux Security Video Podcasts
3. Announcing the CISA Directive
4. TuxCare Resources are Live
5. TuxCare Blog: Editor’s Pick

CVEs Disclosed in NOVEMBER

November saw one notable vulnerability disclosure that affected the iconv code. Notable because one of our own team members identified the problem and developed the fix passed upstream for approval and deployment.

Designated CVE-2021-43396, this flaw affects the iconv code that converts character encodings as part of the glibc (GNU C) library. The previously unknown flaw can allow the escape sequence used to switch the active character set to result in abnormal code behavior or data corruption. The CVE status is currently under review, and further details will be posted in the blog once an agreement is reached and a final decision is taken. In the meantime, the fix has been accepted and the patch released.

This disclosed CVE affects four of the distributions covered by our Extended Lifecycle Support Services, and patches have been distributed. See our recently enhanced CVE Dashboard for more details. It lists all CVEs covered under our support services with filtering options to make the information relevant to your systems simple to access.

Enterprise Linux Security Video Podcasts

The TuxCare team’s Enterprise Linux Security podcast continues to offer in-depth topical explanations for the latest hot topics and foundational concepts. Co-hosted by Learn Linux TV’s Jay LaCroix and TuxCare’s very own Joao Correia, there are three new episodes available to view this month.

You can watch the seventh episode where Jack Aboutboul joins the discussion on how the Elevate tool can help migrations between different Linux distros here: Enterprise Linux Security Episode 7 – ELevate – YouTube

The eighth episode discusses the Trojan Source attack tactic and the implications of the CISA directive here: Enterprise Linux Security Episode 8 – Trojan Source, & CISA’s Directive – YouTube

Also available is a ninth episode that discusses how DevOps is changing the development landscape here: Enterprise Linux Security Episode 9 – DevOps – YouTube

These video podcasts discussing Linux security issues are essential viewing for anyone involved in managing Linux-based enterprise systems.

CISA Announcement

This month, the US Cybersecurity and Infrastructure Security Agency issued a directive to all US federal agencies to fix a host of known vulnerabilities. The directive lists over three hundred vulnerabilities that need to be resolved as a matter of urgency. This is notable as it highlights the issues with critical departments of the US government running unpatched systems at a time when their systems are under sustained attack by advanced persistent threats.

This directive is important for the rest of the world because it highlights those vulnerabilities the UG government believes are being exploited or are about to be exploited. This is a wake-up call to everyone to make sure that they are fully patched against this list.

If you’re unsure if these vulnerabilities affect your distros, then look at our CVE Dashboard for more details of each listed vulnerability. And don’t forget to check out episode eight of our Enterprise Linux Security video podcast, where we discuss this directive further.

See our blog to find out more about what does the critical CISA directive mean, and how should you respond?

TuxCare Blog: Editor’s Pick

We’re pleased to announce that the unified TuxCare Resources hub is live, containing many helpful guides, articles, and free tools for the Linux user community to enjoy.

Please take the time to look around the hub to see what gems we’ve provided to help you in your daily administration chores. We hope these resources will provide valuable insights that make your working life more manageable and expand your knowledge.