• How OpenLogic Builds CentOS Patches

    CentOS patches protect end-of-life versions from CVEs. In this video, experts from OpenLogic explain the process of backporting and testing CentOS patches.

  • CVE-2022-29154

    NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-29154 

    An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

    CVE-2022-29154
    CentOS
    CentOS 8
    3.1.3-12_ol002.el8
    rsync
    7.4

  • CVE-2024-2398

    NVD Listing: NVD - CVE-2024-2398

    When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

    CVE-2024-2398
    CentOS
    CentOS 8
    2.28-164_ol004.el8
    glibc
    N/A

  • How OpenLogic Does Jenkins Support Differently

    How does OpenLogic support Jenkins differently? Watch this video to hear from OpenLogic’s Chief Architect, Justin Reock on how we can support your enterprise Jenkins environments!

  • Running Kafka on Kubernetes with Strimzi

    In this video, learn why running Kafka on Kubernetes (K8s) is a powerful combination and hear about a real-life use case with an aerospace OpenLogic customer who deployed Kafka on K8s with Strimzi.

  • Kafka vs. RabbitMQ and ActiveMQ

    In this short video, hear from OpenLogic experts about how Apache Kafka differs from message brokers like ActiveMQ and RabbitMQ, and use cases where it might make more sense to deploy an MQ (message queue) vs. an event streaming platform like Kafka.

  • OpenJDK Builds

    Why are more people looking for free Java? Listen in on the discussion from the OpenLogic team on creating certified builds of OpenJDK free for download!

  • CVE-2023-3611

    NVD Linking: https://nvd.nist.gov/vuln/detail/CVE-2023-3611 

    An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.

    CVE-2023-3611
    CentOS
    CentOS 6
    2.6.32-754.35.1_ol014.el6
    kernel
    7.8

  • CVE-2023-5178

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2023-5178 

    A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

    CVE-2023-5178
    CentOS
    CentOS 8
    4.18.0-348.7.1_ol006.el8_5
    kernel
    8.8

  • CVE-2021-45417

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2021-45417 

    AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

    CVE-2021-45417
    CentOS
    CentOS 6
    0.14-11_ol001.el6
    aide
    7.8