Security Updates For Intel NUCs And Server Tool
Of note, among the security updates released today, Intel addressed five high severity vulnerabilities impacting the Intel Virtualization Technology for Directed I/0 (VT-d) products, the BIOS firmware for some Intel processors, and the Intel Security Library.
Security updates for Intel NUCs and Server tool
A potential security vulnerability in the Intel NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.
If you have information about a security issue or vulnerability with an Intel branded product or technology, please send an e-mail to email@example.com. Encrypt sensitive information using our PGP public key.
For the longest time, I've been running **Spiceworks** and **Manage Engine Desktop Central** along other monitoring and security surveillance tooling inside a virtual machine on my **TrueNAS** box. If there's an outage with my NAS, the monitoring solution will go down with it. So I decided to upgrade a legacy **Intel NUC Kit DCCP847DYE** to do the job independently of any other component in the network.
That's it. You can now put the little box in your lab server rack or other central networking component enclosure, give it some power and network and access its services from anywhere you want on your network. I'm going to try a few more products for scanning the network or data security tools as well as other development and security helpers. One I have in my head straight away is **Tree Size** that could run data usage reports on our network shares. Apart from that I'm thinking about running **Greenbone Security** in a virtual machine on that device.
Today, Intel along with customers and industry partners announced several solutions designed to scale and accelerate the adoption of hardware-enabled security across data center, cloud, network and edge. From OEMs to cloud service providers (CSPs) and independent software vendors (ISVs), Intel continues to help lead the industry and advance security tools and resources that help improve the security and privacy of application processing in the cloud, provide platform-level threat detection and shrink the attack surface.
Scaling Intel SGX for the Cloud: Intel introduced the Intel SGX Card, a new way to help extend application memory protections using Intel SGX in existing data center infrastructure. Though Intel SGX technology will be available on future multi-socket Intel Xeon Scalable processors, there is pressing demand for its security benefits in this space today. Intel is accelerating deployment of Intel SGX technology for the vast majority of cloud servers deployed today with the Intel SGX Card. Additional benefits offer access to larger, non-enclave memory spaces, and some additional side-channel protections when compartmentalizing sensitive data to a separate processor and associated cache. Availability is targeted for later this year.
Intel Threat Detection Technology Evolves: Intel is expanding Intel TDT capabilities in 2019 to include support for Linux on servers in virtualized data center and cloud environments. Intel TDT combines platform-level telemetry infrastructure and machine learning models to detect targeted attacks. Detection alerts based on the heuristics are sent to the security service provider (ISV) for remediation. Integration of the Intel TDT stack into the existing ISV solutions results in improved performance and lower incidences of false positives. At RSA Conference, Intel will demonstrate Intel TDT on Linux using Intel-developed heuristics to detect unauthorized execution of specific cryptomining workloads.
Potential Security Impact: Dynabook is aware of the Intel security advisory report as referenced below. The security and privacy of our customers' information are priorities for Dynabook. Dynabook is working closely with Intel to provide firmware and/or software updates as soon as possible to resolve this security vulnerability.
In the meantime, Dynabook recommends that customers update their systems to the latest Dynabook firmware and software, apply all of Microsoft System Updates as they become available, and follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:
With this enhancement, you can upgrade your RHEL 8 system to RHEL 9 using the rpm-ostree rebase tool. It fully supports the default package set of RHEL for Edge upgrades between the most recent updates of RHEL 8 to the most recent updates of RHEL 9.
Most distributions send locale environment variables by default and accept them on the server side. However, this meant that logging in through SSH from clients that used locales other than C or C.UTF-8 to servers that did not have the glibc-langpack-en or glibc-all-langpacks package installed resulted in degraded user experience. Specifically, output in the UTF-8 format was broken and some tools did not work or sent frequent warning messages.
RHEL 9 is distributed with Squid 5.2, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. This release provides a number of bug fixes, security fixes, new features, and enhancements over version 4.
Previously, ansible-freeipa modules could only be executed on IdM servers. This required your Ansible administrator to have SSH access to your IdM server, causing a potential security threat. With this update, you can execute ansible-freeipa modules remotely on systems that are IdM clients. As a result, you can manage IdM configuration and entities in a more secure way.
The NTS option was added to the Timesync RHEL System Role to enable NTS on client servers. NTS is a new security mechanism specified for Network Time Protocol (NTP). NTS can secure synchronization of NTP clients without client-specific configuration and can scale to large numbers of clients. The NTS option is supported only with the chrony NTP provider in version 4.0 and later.
Identity Management (IdM) servers with integrated DNS now implement DNS Security Extensions (DNSSEC), a set of extensions to DNS that enhance security of the DNS protocol. DNS zones hosted on IdM servers can be automatically signed using DNSSEC. The cryptographic keys are automatically generated and rotated.
Deprecated hardware components are not recommended for new deployments on the current or future major releases. Hardware driver updates are limited to security and critical fixes only. Red Hat recommends replacing this hardware as soon as reasonably feasible.
Ecosystem partners are currently developing products based on the reference design. This allows systems vendors, solutions integrators and end customers broad choice and the ability to consolidate more network and security workloads onto server platforms without increasing the use of rack space. The reference design also allows development of solutions, like software assets developed on Intel-based platforms, that may be used without additional re-architecting, porting or compiling. Silicom and F5 will be among the first to utilize the Intel NetSec Accelerator Reference Design to offer integration and acceleration of networking and security functions for rapid scale and time to market.
This page provides an overview of all available ESXi Image Profiles. An Image Profile defines the set of VIBs that an ESXi installation or update process uses. Each patch contains two or four Image Profiles. When a patch is published, there is always a separate Image Profile that contains security patches only and all patches are available with or without the VMware Tools VIB (tools-light). Patches with security updates only do not have a separate "security only" Image Profile. The extra Image Profile without VMware Tools is useful because the tools-light VIB is about 50% of the total ESXi Image size.
SMT (Subscription Management Tool) has been removed.Instead, RMT (Repository Mirroring Tool) now allows mirroring SUSE repositories and custom repositories.You can then register systems directly with RMT.In environments with tightened security, RMT can also proxy other RMT servers.If you are planning to migrate SLE 12 clients to version 15, RMT is the supported product to handle such migrations.If you still need to use SMT for these migrations, beware that the migrated clients will have all installation modules enabled.
The OpenLDAP server (package openldap2, part of the Legacy SLE module) is deprecated and will be removed from SUSE Linux Enterprise Server 15 SP4.The OpenLDAP client libraries are widely used for LDAP integrations and are compatible with 389 Directory Server.Hence, the OpenLDAP client libraries and command-line tools will continue to be supported on SLES 15 to provide an easier transition for customers that currently use the OpenLDAP Server.
To replace OpenLDAP server, SLES includes 389 Directory Server.389 Directory Server (package 389-ds) is a fully-featured LDAPv3-compliant server suited for modern environments and for very large LDAP deployments.389 Directory Server also comes with command-line tools of its own.
The Linux kernel parameter net.ipv4.ping_group_range now covers all groups.This allows all users of the operating system create ICMP Echo sockets without using setuid binaries or needing to have the CAP_NET_ADMIN and CAP_NET_RAW file capabilities.This improves the overall security by using ICMP instead of raw sockets and simplifies configuration of tools like ping, fping, traceroute, prometheus-blackbox_exporter, collectd-ping, etc.