A new vulnerability, CVE-2018-1111, has recently been announced; it allows a malicious DHCP server to send a specially crafted response that can run privileged commands on a DHCP client that is running dhclient. This affects dhclient on both CentOS Linux 6 and CentOS Linux 7 systems. Red Hat have released an update to ...
Security
On Thursday, May 10, CentOS 7.5 (1804) was released. For more information about the release, see the CentOS Project's Release Notes here: https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.1804 Before upgrading to CentOS Linux 7.5, you are strongly encouraged to examine the above Release Notes, especially 'Known Issues', to see if they may adversely affect your setup; Included with ...
What is a reverse proxy? A reverse proxy accepts connections and then routes them to an appropriate backend. For example, if we have a Ruby application running on port 3000, we can configure a reverse proxy to accept connections on HTTP or HTTPS, which can then transparently proxy requests to the ...
What is letsencrypt (LE)? From the Let's Encrypt website: Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, ...
A new vulnerability has been found: CVE-2015-7547, a glibc getaddrinfo stack-based buffer overflow. According to the CVE, "A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, ...
CentOS 6 Linux kernel 2.6.32-504.30.3 has recently been released. Update type(s): security. Resolved CVEs: CVE-2011-5321, CVE-2015-1593, CVE-2015-2830, CVE-2015-2922, CVE-2015-3636. A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker could use this flaw to crash the system. (CVE-2011-5321, Moderate) * It was found that ...