Monthly KernelCare Update – December 2020

December 29, 2020 - TuxCare PR Team

KernelCare Update - december 2020 We have finally wrapped up 2020! This past month has been intense and we’ve done our best to address all the news and changes that can potentially make your sysadmin’s life easier. We’ve included a quick recap video of our December highlights, but you can keep reading for more details.

{% video_player “embed_player” overrideable=False, type=’scriptV4′, hide_playlist=True, viral_sharing=False, embed_button=False, autoplay=False, hidden_controls=False, loop=False, muted=False, full_width=True, width=’3840′, height=’2160′, player_id=’39338450493′, style=” %}

CVE-2020-1971 in the OpenSSL

OpenSSL released a security patch for a high-level finding that affects any servers running 1.0.2 and 1.1.1 versions. Following the news that OpenSSL will not work on patches for CentOS 6, KernelCare provided rebootless patches for both supported and unsupported versions of OpenSSL in less than 24 hours.

The same day KernelCare clients received their rebootless updates to OpenSSL and avoided the danger of DoS for their businesses. You can benefit from the same quality protection of Linux kernels & shared libraries by opting for KernelCare+ today!

KernelCare+ customers can sign up to receive prompt notifications when the next patches are released.

Join the Project Lenix Community

You may have already heard that in response to RHEL® killing CentOS®, CloudLinux decided to release a free, open-sourced, community-driven, 1:1 binary compatible fork of RHEL® 8 (and future releases) in the Q1 of 2021. The preliminary name of this project is Lenix. Right now, the CloudLinux team is working quickly to set up the infrastructure for community collaboration and process flows.

You are welcome to listen to the interview of CloudLinux’s CEO, Igor Seletskiy, on “Project Lenix” here.

Sign up for notifications about Project Lenix development here or join our community on Reddit for recent updates and discussions.

PostGRE SQL Vulnerability

Hackers have exploited a vulnerability in PostgreSQL to install and run cryptocurrency miner software directly through the database. This is a PostgreSQL-specific vulnerability, and we are actively developing features in KernelCare+ to support the live patching of PostgreSQL and protect your enterprise’s infrastructures. The release is expected in 2021! In the meantime, please read our blog to find out how cryptominers may exploit your database.

IoT Security for Enterprises

A tiny IoT sensor can expose your business to as much risk as a large-scale server in the data centre. Once compromised, it can wreak havoc on information systems or serve as a gateway into the network for malicious actors. Consequently, organizations need to patch IoT devices regularly and most importantly, as fast as possible. Our following blogs cover several aspects of IoT security for enterprises: