By: Marcus Meissner

September 20, 2024 1:54 pm

SUSE has received first FIPS 140-3 cryptographic certificates

After several years of work, the NIST CMVP agency has improved upon the existing FIPS 140-2 certification and established the FIPS 140-3 certification. The new standard brings many changes, which are described in the Implementation Guidance. They established new requirements on the lifecycle of cryptographic primitives and extended the requirements in the area of self-tests. They also took […]

By: Marcus Meissner

March 29, 2024 5:33 pm

SUSE addresses supply chain attack against xz compression library

SUSE received notification of a supply chain attack against the "xz" compression tool and "liblzma5" library.

Background

Security researcher Andres Freund reported to Debian that the xz / liblzma library had been backdoored. This backdoor was introduced in the upstream GitHub xz project with release 5.6.0 in February 2024. For the […]

By: Marcus Meissner

December 18, 2023 4:08 pm

SUSE addresses the SSH v2 protocol Terrapin Attack aka CVE-2023-48795

Today, on December 18th 2023, researchers from the Ruhr University Bochum published a protocol flaw in the SSH v2 protocol, codenamed Terrapin Attack. The flaw allows removing encrypted SSH messages at the beginning of the communication, allowing a downgrade of some security aspects of SSH connections. The flaw does not allow injecting new traffic or commands. […]

By: Marcus Meissner

September 20, 2023 2:30 pm

GO and FIPS 140-2 / 140-3 certified cryptography

The current FIPS 140-2 and ongoing FIPS 140-3 certification efforts by SUSE cover a wide range of system libraries and their users, as well as the Linux Kernel. One gap recently closed is the missing FIPS 140 support for applications written in the GO language. To allow building GO binaries with cryptography compliant to FIPS 140, SUSE […]

By: Marcus Meissner

April 3, 2023 12:44 pm

SUSE Linux Enterprise and SBOM support

After recent supply chain attacks, and with ever-increasing security automation, software inventory management in particular is becoming more and more important. Governments and other regulated industries now require publishing a so-called Software Bill of Materials (SBOM) for software products. Various SBOM formats have appeared in the market. SUSE has started to publish SBOM in […]

By: Marcus Meissner

September 15, 2022 2:14 pm

SUSE adds security automation support for Kernel Live Patches

SUSE has found that security automation is not handling SUSE's kernel livepatches very well. To understand the underlying problem and ways toward a solution, let's first look at the underlying concepts.

Kernel Livepatching

Kernel livepatching is a technology where functions within a running Linux kernel are patched to fix security issues, without rebooting or even […]

By: Marcus Meissner

July 4, 2022 11:26 am

Applying DISA STIG hardening to SLES installations

Introduction

DISA and SUSE have authored a STIG (Secure Technical Implementation Guide) that describes how to harden a SUSE Linux Enterprise system. The STIG is a long list of rules, each containing a description, how to detect problems and how to remediate them on a per-rule basis. While STIGs were originally supposed to be applied manually, […]

By: Marcus Meissner

March 8, 2022 12:58 pm

SUSE statement on “Dirty Pipe” attack

On Monday, March 7th, security researcher Max Kellermann published a new software vulnerability that affects users of the Linux Kernel. The vulnerability, called Dirty Pipe (CVE-2022-0847), impacts Linux Kernels 5.8 and later, and allows local attackers to overwrite files even if they had only read permissions, allowing for easy privilege escalation. The issue is […]

By: Marcus Meissner

December 12, 2021 8:49 am

SUSE Statement on log4j / log4shell / CVE-2021-44228 / Vulnerability

On the morning of Friday, December 10, a new exploit in the "log4j" Java logging framework was reported that can be trivially exploited. This vulnerability is caused by a new feature introduced in log4j 2.x versions where a specific string embedded in messages logged by log4j would be interpreted by log4j to connect to remote sites […]