
Red Hat Enterprise


Critical Red Hat Updates Released

Categories: News, Patch Management, Patch Tuesday

Critical Red Hat Updates

Ahead of Patch Tuesday, a new security advisory has been issued for Red Hat.

A recent Red Hat security advisory has been issued for Red Hat Enterprise 6 and 7 relating to Java versions 7 and 8.

A CVSS score of 8.6 indicates this has a high probability of being used to target environments soon, although we are unaware at present of any active attacks. Red Hat vulnerabilities of this severity are not often released, and this one couldn’t come at a more inconvenient time, with Microsoft Patch Tuesday only 4 days away.

Security Updates

  1. IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)
  2. OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)
  3. IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549)
  4. libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)
  5. Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449)

All Syxsense customers can find these updates available in their console, and because of the critical nature of the vulnerability and the huge exposure of Java, we recommend this be prioritized as quickly as possible.

Is your patching strategy ready?

Having a strategic patch roll-out implemented is key to secure software updating. However, your plan and patching software must be flexible enough to deal with a rogue critical update. Will you be ready to jump into action when an emergency security update is released?

With Syxsense, you have the stability of a strategic roll-out, but also the capabilities of a response team.


This solution can patch devices with Windows, Mac, or Linux operating systems. Our content library has a wide range of major software vendors.


Rare Red Hat Critical Update

Categories: News, Uncategorized

Linux Patches Security Concerns with Firefox

Almost at urban legend status, Red Hat rarely rates updates as critical. Well, it’s not a myth now, as an update is available for Red Hat Enterprise Linux 6 and 7. With a CVSS score of 8.8, we are recommending this update be actioned quickly.
An important fact to note: after installing the update, Firefox must be restarted for the changes to take effect.
This update upgrades Firefox to version 60.5.0 ESR.

Security Fixes:
• Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500)
• Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501)
• Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505)

Is your patching strategy ready?

Having a strategic patch roll-out implemented is key to secure software updating. However, your plan and patching software must be flexible enough to deal with a rogue critical update. Will you be ready to jump into action when an emergency security update is released?

With Syxsense, you have the stability of a strategic roll-out, but also the capabilities of a response team. This solution can patch devices with Windows, Mac, or Linux operating systems. Our content library has a wide range of major software vendors.
Learn more about securing your devices in Syxsense Realtime Security.


Red Hat Vulnerabilities Exposed

Category: News

Red Hat Linux DHCP Client Vulnerability

Red Hat has been made aware of a couple of flaws in the way the Linux kernel handles exceptions triggered after the POP SS and MOV to SS instructions; these are identified as CVE-2018-8897 and CVE-2018-1087.

These issues could lead to a denial of service (DoS) for unpatched systems.

The second issue, a DHCP vulnerability identified as CVE-2018-1111, could allow attackers to execute arbitrary commands with root privileges on targeted systems. CVE-2018-1111 is rated as a Critical vulnerability, and we recommend that our clients deploy this update as quickly as possible.

The following Red Hat product versions are impacted:

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux Atomic Host
  • Red Hat Enterprise MRG 2
  • Red Hat Virtualization Hypervisor 4
  • Red Hat Enterprise Virtualization Hypervisor 3

Patch Everything

All of the above are available to be patched using Syxsense. It’s critical to take action immediately to protect against these critical vulnerabilities.

Software vulnerabilities for Linux systems are among the top 20 most critical vulnerabilities according to the FBI and the SANS Institute. Syxsense provides true network security, including Linux OS patching. Manage every threat with the click of a button.
