Red Hat Enterprise Linux 7.7 to be Available

New version of popular Linux discributive brings a lot of updates and innovations
07 August 2019   302

Red Hat has released the Red Hat Enterprise Linux 7.7 distribution. The installed RHEL 7.7 images are available for download only for registered users of the Red Hat Client Portal and are prepared for the x86_64, IBM POWER7 +, POWER8 architecture (with direct byte order and direct byte order) and IBM System z. Source text packages can be downloaded from the CentOS project's Git repository.

With Red Hat Enterprise Linux 7.7, we show our continued commitment to the 10-year Red Hat Enterprise Linux lifecycle while also introducing key new features, like image builder and Red Hat Insights, to help IT organizations get the most from their existing Red Hat Enterprise Linux 7 investments.

Stefanie Сhirasvice

President and general manager, Red Hat Enterprise Linux, Red Hat

The RHEL 7.x branch is followed by the RHEL 8.x branch and will be supported until June 2024. The release of RHEL 7.7 is the latest in the main full support phase, which includes functional improvements. RHEL 7.8 Transition to the maintenance stage, bug fixes and security related to the support of important hardware systems.

New version has a lot of updates and changes. Among the:

  • Provided full support for the use of the mechanism of Live-patches (kpatch) to eliminate vulnerabilities in the Linux kernel without restarting the system and without stopping work. Previously, kpatch was an experimental feature;
  • Added python3 packages with Python 3.6 interpreter. Previously, Python 3 was only shipped with Red Hat Software Collections. By default, Python 2.7 is still offered (the transition to Python 3 was done in RHEL 8);
  • Screen presets (/etc/xdg/monitors.xml) have been added to the Mutter window manager for all users in the system (you no longer need to separately configure screen settings for each user;

Learn about them on the official website.

LKRG Module Version 0.7 to be Released

Linux Kernel Runtime Guard is created to protect Linux of vulnerabilities exploitation
23 July 2019   282

The Openwall project published the release of the LKRG 0.7 kernel module (Linux Kernel Runtime Guard), which provides detection of unauthorized changes to the working kernel (integrity check) or attempts to change the permissions of user processes (definition of exploit usage). The module is suitable both for organization of protection against already known exploits for the Linux kernel (for example, in situations when it is problematic to update the kernel in the system), and for opposition to exploits for still unknown vulnerabilities. About the features of LKRG can be found in the first announcement of the project.

Among the changes in the new version:

  • The code was refactored to support various CPU architectures. Added initial support for ARM64 architecture;
  • Compatible with Linux kernels 5.1 and 5.2, as well as kernels assembled without enabling the CONFIG_DYNAMIC_DEBUG, CONFIG_ACPI and CONFIG_STACKTRACE options when building the kernel, and with kernels built with the CONFIG_STATIC_USERMODEHELPER option. Added experimental kernel support from the grsecurity project;
  • Significantly changed initialization logic;
  • Self-hashing has been re-enabled in the integrity check subsystem and the race condition in the transition label engine (* _JUMP_LABEL) has been eliminated, leading to a deadlock during initialization simultaneously with loading or unloading events of other modules;
  • In the exploit detection code, new sysctl lkrg.smep_panic (enabled by default) and lkrg.umh_lock (disabled by default) were added, additional checks of the SMEP / WP bit were added, the tracking logic of the tasks was changed in the system, the internal synchronization logic with task resources was revised, Added support for OverlayFS, placed in the white list of Ubuntu Apport.

Get more info at Openwall's website.