Red Hat Blog
In this article, I’ll go over some typical problems users may face with the SHA-1 status in Fedora (including some possible workarounds), and how you can update your infrastructure to use the more secure SHA-256.
At Red Hat, we recognize the importance of implementing security measures early in the software development life cycle (SDLC), as breaches are becoming more evident in today's society. Our work in Red Hat Product Security is to help minimize the software-based risks of enterprise open source from Red Hat, while affording the many benefits that only open source can provide.
There are a million ways for awful things to happen to your data and accounts. For example, someone could accidentally commit their AWS access keys publicly to GitHub, and attackers quickly run up $100,000 in charges mining cryptocurrency on expensive GPU-enabled instances. Or an "account support" caller notifies you that your account has false charges, which they can remove once they verify your credit card information. There are fake software updates that steal bank account information.
Ravie Lakshmanan's recent article CISA warns of active exploitation of 'PwnKit' Linux vulnerability in the wild articulates the vulnerability in Polkit (CVE-2021-4034) and recommends "to mitigate any potential risk of exposure to cyberattacks… that organizations prioritize timely remediation of the issues," while "federal civilian executive branch agencies, however, are required to mandatorily patch the flaws by July 18
Not only did the IT industry look very different 20 years ago; product security looked very different as well. Open source software wasn’t mainstream, and the majority of vendors had full control over, and kept full secrecy around, their product code.
As Red Hat is modernizing our approach to Compliance as Code, we are making some changes to better provide our customers with the most accurate information available. One of the recent changes involved "ATO Pathways" — the website previously hosted at https://atopathways.redhatgov.io.
What are container image vulnerabilities?
Red Hat Enterprise Linux 9 (RHEL 9) ships with OpenSSL 3.0, a core operating system (OS) library that has been in the making for quite a while. This was a long and involved process for a variety of reasons.
Red Hat Enterprise Linux 9 (RHEL 9) is the latest version of Red Hat’s flagship operating system, released at the Red Hat Summit in May 2022. New capabilities added to RHEL 9 help simplify how organizations manage security and compliance when deploying new systems or managing existing infrastructure. This article takes a brief look at three of the new security features available in this release.
Red Hat Product Security is pleased to announce that a new security metadata offering, the Common Security Advisory Framework (CSAF), is now available in beta form. CSAF 2.0 is the successor to the Common Vulnerability Reporting Framework (CVRF) version 1.2 and contains many enhancements to the information provided in each CSAF file. Additionally, CSAF uses the JSON format instead of the XML format used by CVRF.
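Because CSAF 2.0 is plain JSON, a consumer can load an advisory with a standard library parser and resolve per-product vulnerability status without any XML tooling. The following is an added example (not Red Hat's code, and not a real Red Hat advisory): it embeds a constructed, minimal CSAF 2.0 document, checks the required top-level `document` fields, and maps each vulnerability's `product_status` entries back to human-readable product names from the `product_tree`. The field names (`document`, `product_tree.full_product_names`, `vulnerabilities[].product_status`) are standard CSAF 2.0 keys; the advisory content, product names and the placeholder CVE identifiers are made up for illustration.

```python
import json

# Constructed minimal CSAF 2.0 advisory used as sample input. Not a real
# advisory: the tracking id, products and CVE identifiers are placeholders.
SAMPLE_CSAF = json.dumps({
    "document": {
        "category": "csaf_vex",
        "csaf_version": "2.0",
        "title": "Example advisory (constructed sample)",
        "publisher": {
            "category": "vendor",
            "name": "Example Vendor",
            "namespace": "https://example.invalid",
        },
        "tracking": {
            "id": "EXAMPLE-2022-0001",
            "status": "final",
            "version": "1",
            "initial_release_date": "2022-06-01T00:00:00Z",
            "current_release_date": "2022-06-01T00:00:00Z",
            "revision_history": [
                {"number": "1", "date": "2022-06-01T00:00:00Z", "summary": "Initial"}
            ],
        },
    },
    "product_tree": {
        "full_product_names": [
            {"name": "Example OS 9", "product_id": "os-9"},
            {"name": "Example OS 8", "product_id": "os-8"},
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2099-0001",  # placeholder identifier
            "product_status": {"fixed": ["os-9"], "known_affected": ["os-8"]},
        },
        {
            "cve": "CVE-2099-0002",  # placeholder identifier
            "product_status": {"known_not_affected": ["os-8", "os-9"]},
        },
    ],
})

# Keys the CSAF 2.0 schema requires under "document".
REQUIRED_DOCUMENT_KEYS = ("category", "csaf_version", "publisher", "title", "tracking")


def csaf_problems(text):
    """Return a list of structural problems found in a CSAF JSON string.

    An empty list means the document passed these basic checks. This is a
    sanity check, not a full JSON-schema validation.
    """
    problems = []
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    document = doc.get("document")
    if not isinstance(document, dict):
        return ["missing 'document' object"]
    for key in REQUIRED_DOCUMENT_KEYS:
        if key not in document:
            problems.append(f"document.{key} is missing")
    if document.get("csaf_version") != "2.0":
        problems.append(f"unsupported csaf_version: {document.get('csaf_version')!r}")
    for index, vuln in enumerate(doc.get("vulnerabilities", [])):
        if "cve" not in vuln and "ids" not in vuln:
            problems.append(f"vulnerabilities[{index}] has neither 'cve' nor 'ids'")
    return problems


def load_csaf(text):
    """Parse a CSAF JSON string, raising ValueError on structural problems."""
    problems = csaf_problems(text)
    if problems:
        raise ValueError("; ".join(problems))
    return json.loads(text)


def product_names(doc):
    """Map product_id -> name using product_tree.full_product_names."""
    tree = doc.get("product_tree", {})
    return {p["product_id"]: p["name"] for p in tree.get("full_product_names", [])}


def vulnerability_status(doc):
    """Return {cve: {status: [sorted product names]}} for every vulnerability.

    Product ids without a full_product_names entry are kept as raw ids so
    that nothing is silently dropped.
    """
    names = product_names(doc)
    result = {}
    for vuln in doc.get("vulnerabilities", []):
        cve = vuln.get("cve")
        statuses = vuln.get("product_status", {})
        result[cve] = {
            status: sorted(names.get(pid, pid) for pid in pids)
            for status, pids in statuses.items()
        }
    return result


if __name__ == "__main__":
    advisory = load_csaf(SAMPLE_CSAF)
    print(advisory["document"]["tracking"]["id"])
    for cve, statuses in vulnerability_status(advisory).items():
        print(cve, statuses)
```

The status categories (`fixed`, `known_affected`, `known_not_affected`, and so on) are passed through as they appear in the advisory, so a consumer that only cares about exposure can filter on `known_affected` while one tracking remediation progress can watch `fixed`.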