-
Operating System: RedHat ≈ Packet Storm
Nov 27, 2024 | 14:59 pm
Red Hat Security Advisory 2024-10386-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System[…]
Read more...
-
Operating System: RedHat ≈ Packet Storm
Nov 27, 2024 | 14:58 pm
Red Hat Security Advisory 2024-10274-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
Read more...
-
Operating System: RedHat ≈ Packet Storm
Nov 27, 2024 | 14:57 pm
Red Hat Security Advisory 2024-10244-03 - An update for the pam:1.5.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.
Read more...
-
Operating System: RedHat ≈ Packet Storm
Nov 27, 2024 | 14:56 pm
Red Hat Security Advisory 2024-10232-03 - An update for pam is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a bypass vulnerability.
Read more...
-
Red Hat Security Blog Blog Posts
Mar 19, 2019 | 19:38 pm
Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more...
-
Red Hat Security Blog Blog Posts
Aug 22, 2018 | 13:30 pm
Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more...
-
Red Hat Security Blog Blog Posts
Jul 18, 2018 | 13:30 pm
As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more...
-
Red Hat Security Blog Blog Posts
Jul 10, 2018 | 13:00 pm
Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
Red Hat Security Blog Blog Posts
Apr 23, 2018 | 14:30 pm
This year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA.Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show.Here is a sneak peek at[…]
Read more...
-
Red Hat Security Blog Blog Posts
Apr 17, 2018 | 15:00 pm
Google has announced that on April 30, 2018, Chrome will:“...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate[…]
Read more...
-
Red Hat Security Blog Blog Posts
Feb 28, 2018 | 14:30 pm
For those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases.PCI-DSS requires that all[…]
Read more...
-
Red Hat Security Blog Blog Posts
Nov 16, 2017 | 15:00 pm
It is a tale as old as time.Developers and security personnel view each other withsuspicion.The perception is that a vast gulf of understanding and ability lies between the two camps.“They can’t possibly understand what it is to do my job!”[…]
Read more...
-
Red Hat Security Blog Blog Posts
Oct 18, 2017 | 13:30 pm
Red Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept[…]
Read more...
-
Red Hat Security Blog Blog Posts
Sep 12, 2017 | 11:51 am
Today, a security issue called BlueBorne was disclosed, a vulnerability that could be used to attack sensitive systems via the Bluetooth protocol. Specifically, BlueBorne is a flaw where a remote (but physically quite close) attacker could get root on a[…]
Read more...
-
Red Hat Security Blog Blog Posts
May 17, 2017 | 13:30 pm
Red Hat Product Security takes pride in the quality and timeliness of its Security Advisories and all the accompanying information we publish for every erratum and vulnerability that we track and fix in our products.There are many ways in which[…]
Read more...
-
Red Hat Security Blog Blog Posts
Apr 25, 2017 | 16:26 pm
We have just rolled out an update to the interface of the Red Hat Container Catalog that attempts to answer to the question of whether or not a particular container image available in the Container Catalog can be considered secure.In[…]
Read more...
-
Red Hat Security Blog Blog Posts
Apr 19, 2017 | 13:30 pm
As you’ve probably heard, this year’s Red Hat Summit is in Boston May 2-4. Product Security is looking forward to taking over multiple sessions and activities over the course of those 3 days, and we wanted to give you a[…]
Read more...
-
Red Hat Security Blog Blog Posts
Mar 22, 2017 | 13:30 pm
Every day we are bombarded with information. Something is always happening somewhere to someone and unfortunately it's rarely good. Looking at this through the lens of information security, NOT getting the right details at the appropriate time could be the[…]
Read more...
-
Red Hat Security Blog Blog Posts
Mar 7, 2017 | 14:39 pm
At Red Hat, our dedicated Product Security team analyzes threats and vulnerabilities against all our products and provides relevant advice and updates through the Red Hat Customer Portal. Customers can rely on this expertise to help them quickly address the[…]
Read more...
-
Red Hat Security Blog Blog Posts
Feb 8, 2017 | 14:30 pm
Last year, while speaking at RSA, a reporter asked me about container provenance. This wasn’t the easiest question to answer because there is a lot of nuance around containers and what’s inside them. In response, I asked him if he[…]
Read more...
-
Red Hat Security Blog Blog Posts
Jan 3, 2017 | 14:30 pm
Cryptographic protocols and algorithms have a limited lifetime—much like everything else in technology. Algorithms that provide cryptographic hashes and encryption as well as cryptographic protocols have a lifetime after which they are considered either too risky to use or plain[…]
Read more...
-
Red Hat Security Blog Blog Posts
Nov 16, 2016 | 14:30 pm
The Transport Layer Security (TLS) protocol is undoubtedly the most widely used protocol on the Internet today. If you have ever done an online banking transaction, visited a social networking website, or checked your email, you have most likely used[…]
Read more...
-
Red Hat Security Blog Blog Posts
Oct 24, 2016 | 13:30 pm
Red Hat Product Security recently celebrated our 15th anniversary this summer and while I cannot claim to have been with Red Hat for that long (although I’m coming up on 8 years myself), I’ve watched the changes from the “0day”[…]
Read more...
-
Red Hat Security Blog Blog Posts
Oct 17, 2016 | 13:30 pm
This summer marked 15 years since we founded a dedicated Product Security team for Red Hat.While we often publish information in this blog about security technologies and vulnerabilities, we rarely give an introspection into the team itself.So I’d like, if[…]
Read more...
-
Red Hat Security Blog Blog Posts
Jun 23, 2016 | 13:30 pm
Red Hat Product Security has long provided various bits of machine-consumable information to customers and users via our Security Data page.Today we are pleased to announce that we have made it even easier to access and parse this data through[…]
Read more...
-
Red Hat Security Blog Blog Posts
May 25, 2016 | 13:30 pm
There is a common misperception that now that containers support seccomp we no longer need SELinux to help protect our systems.WRONG.The big weakness in containers is the container possesses the ability to interact with the host kernel and the host[…]
Read more...
-
Red Hat Security Blog Blog Posts
May 11, 2016 | 13:30 pm
Quick Emulator (aka QEMU) is an open source systems emulator. It emulates various processors and their accompanying hardware peripherals like disc, serial ports, NIC et al. A serious vulnerability of out-of-bounds r/w access through the Video Graphics Array (VGA) emulator[…]
Read more...
-
Red Hat Security Blog Blog Posts
Apr 20, 2016 | 13:30 pm
This report takes a look at the state of security risk for Red Hat products for calendar year 2015. We look at key metrics, specific vulnerabilities, and the most common ways users of Red Hat products were affected by security[…]
Read more...
-
Red Hat Security Blog Blog Posts
Mar 1, 2016 | 13:00 pm
The SSLv2 protocol had its 21st birthday last month, but it’s no cause to celebrate with an alcohol beverage, since the protocol was already deprecated when it turned 18.Announced today is an attack called DROWN that takes advantage of systems[…]
Read more...