System News
 1 2 3 4 5 6 7 8 9 10 next
Articles for the keywords: OpenSSL
06 Jun 2017 NexentaStor 4.0.5-FP1 [64149]
Nexenta, June 6th 2017

NexentaStor 4.0.5-FP1 delivers fixes to improve stability, scalability, and performance. This Fix Pack builds on the fixes and enhancements previously released in 4.0.5; addresses customer-reported issues, and addresses issues found internally by Nexenta engineering.

Our releases continue to focus on ensuring the highest level of security. We have included fixes for several CVEs and other security issues. See 'Resolved Security Issues in 4.0.5-FP1' table for more information on the security fixes.

NexentaStor 4.0.5-FP1 includes the following upgrades:

  • Upgraded OpenSSL version to 1.0.2k
  • Upgraded Apache version to 2.4.25

NexentaStor 4.0.5-FP1 provides several AutoSync fixes and enhancements.
(Get More Information . .) open to premium members only

18 May 2017 Are VMs More Secure Than Containers? [63479]
Network World, May 18th 2017

"We often say, 'HTTPS is secure,' or 'HTTP is not secure.' But what we mean is that 'HTTPS is hard to snoop and makes man-in-the-middle attacks difficult' or 'my grandmother has no trouble snooping HTTP.'

Nevertheless, HTTPS has been hacked, and under some circumstances, HTTP is secure enough. Furthermore, if I discover an exploitable defect in a common implementation supporting HTTPS (think OpenSSL and Heartbleed), HTTPS can become a hacking gateway until the implementation is corrected.

HTTP and HTTPS are protocols defined in IETF RFCs 7230-7237 and 2828. HTTPS was designed as a secure HTTP, but saying HTTPS is secure and HTTP is not still hides important exceptions.

Virtual machines (VMs) and containers are less rigorously defined, and neither was intentionally designed to be more secure than the other. Therefore, the security issues are still murkier..."
(Get More Information . .) open to premium members only

14 Dec 2016 NexentaStor 4.0.5 [58998]
Nexenta, December 14th, 2016

NexentaStor 4.0.5, Nexenta's latest and greatest maintenance update, is now generally available for online upgrades and download from nexenta.com.

This release further hardens Nexenta's core product and rolls up all Fix Packs and customer specific patches released since 4.0.4 went GA (a bit more than a year ago now). It also includes a number of enhancements, such as:

  • Support for Data At Rest Encryption on Self-Encrypting Drive based configurations
  • Numerous security updates, including update to OpenSSL 1.0.2
  • Support for Intel XL710 40GbE NIC, and X710 10GbE NICs
  • Support for QLogic 16Gbps FC
  • Numerous chassis management additions (e.g. Ericsson HDS8k, Dell MD1280, Amax)
  • and more (see release notes for details)

https://nexenta.com/products/downloads/nexentastor
(Get More Information . .) open to premium members only

20 Jul 2016 Two Years After Heartbleed, An Improved OpenSSL Aims For Government Approval [54556]
FCW, July 20th, 2016

"When the Heartbleed bug was discovered in 2014, federal agencies reported no significant fallout from the OpenSSL vulnerabilities on government websites. But as that vital open-source software library has been revised and strengthened in the two years since, a different problem has emerged: the newer, more secure OpenSSL 1.1 lacks a critical federal validation for cryptographic software.

Using it in federal systems, in fact, would be against the law..."
(Get More Information . .) open to premium members only

04 May 2016 Linux Foundation Offers Badges To Certify Open Source Code Quality [52259]
The VAR Guy, May 4th, 2016

"Which open source projects can users trust? That's a question the Linux Foundation hopes to help answer by the introduction of "badges" from the Core Infrastructure Initiative (CII) project, which recognize open source platforms deemed to be safe and stable.

Launched in 2014 in the wake of Heartbleed, which exposed an embarrassing security vulnerability in the widely used open source toolkit OpenSSL, CII is an effort to shore up security and quality in important open source projects. Previously, the support focused on providing financial resources to assist open source developers in honing their code..."
(Get More Information . .) open to premium members only

 
 1 2 3 4 5 6 7 8 9 10 next






!-- end archive_section.tpl -->