
Items tagged with: Redhat


Red Hat released an urgent security alert for Fedora 41 and Rawhide users:

> PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA 41 OR FEDORA RAWHIDE INSTANCES for work or personal activity.

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

> Although Fedora 40 beta contained the 5.6 version of xz in an update, the build environment prevents the injection from correctly occurring, and has not been shown to be compromised. Fedora 40 has now reverted to the 5.4.x versions of xz.

#RedHat #Fedora #FedoraRawhide #Fedora41

Yesterday, Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access. Specifically, this code is present in versions 5.6.0 and 5.6.1 of the libraries - at this time, only Fedora 41 and Fedora Rawhide contain these libraries. This vulnerability was assigned CVE-2024-3094.



When Red Hat was a smaller corporation, it was common to see the following quote — attributed to Mahatma Gandhi — used internally and in external marketing:

"First they ignore you.
Then they laugh at you.
Then they fight you.
Then you win."

Interestingly, this quote didn't originate from Gandhi at all. It originated from Nicholas Klein, a trade union activist addressing the Amalgamated Clothing Workers of America.

https://en.wikipedia.org/wiki/Nicholas_Klein

#RedHat #Union #WorkersRights #FOSS

A photograph of Red Hat chairperson Paul Cormier presenting to an audience. In the background, a presentation slide with the misattributed quote bullet pointed.
Photograph of a Red Hat poster showing the misattributed quote.
Photograph of a Red Hat office showing the misattributed quote painted on the wall.


Earlier today at #almalinux we patched CVE-2023-38403 in iperf3 and released it prior to anyone else in the EL-ecosystem. We promptly submitted PRs with #centos and #fedora.

A lot was learned during this process so we can nail down the processes of doing our own patches while contributing upstream and ultimately deliver on our promises from https://almalinux.org/blog/future-of-almalinux/

#rhel #redhat


In this #osspodcast episode, @kurtseifried and I discuss the #RedHat news.

The reality is they're still better than a lot of companies claiming to do #OpenSource, but it feels like a betrayal because they were the hero of open source for so long.

https://opensourcesecurity.io/2023/07/02/episode-382-red-hat-you-were-the-chosen-one/


Unfortunately, too many believe that "open source is about corporations". This #Redhat blog post and the quote show how disturbing things get when the communal aspect of open source gets privatized - adopting the methods of their closed source brethren.
https://www.redhat.com/en/blog/red-hats-commitment-open-source-response-gitcentosorg-changes?sc_cid=701f2000000tyBjAAI