
RegreSSHion

Article snapshot taken from Wikipedia under the Creative Commons Attribution-ShareAlike license.

RegreSSHion is a family of security bugs in the OpenSSH software that allows an attacker to remotely execute code and gain potential root access on a machine running the OpenSSH server. The vulnerability was discovered by the Qualys Threat Research Unit and was disclosed on July 1, 2024. It affected all prior versions of OpenSSH from 8.5p1 (March 3, 2021) to 9.7p1 (March 11, 2024) and was patched in release 9.8/9.8p1 on July 1, 2024. Qualys reported identifying over 14 million public-facing OpenSSH instances potentially vulnerable to the attack. It affects glibc-based Linux systems; Windows and OpenBSD systems are not vulnerable to the attack.


The vulnerability was publicly disclosed by Qualys on July 1, 2024. Qualys reported disclosing the vulnerability to the OpenSSH developers on May 19, approximately two months prior, and reported notifying Openwall on June 20, 2024. The regreSSHion vulnerability in OpenSSH results from a signal handler race condition in its server component (sshd). This issue is triggered when a client fails to authenticate within

A clustering product intended for integrated high-performance computing (HPC). The acronym MRG stands for "Messaging Realtime Grid". Red Hat Enterprise MRG replaces the kernel of Red Hat Enterprise Linux (RHEL), a Linux distribution developed by Red Hat, to provide extra support for real-time computing, together with middleware support for message brokerage and scheduling workload to local or remote virtual machines, grid computing, and cloud computing. As of 2011, Red Hat works with

A managed security services partner (MSSP) portal as part of its global partner program. The portal was designed to enhance operational efficiencies for Qualys' partners and offer visibility into client accounts, licenses, and user roles. Red Hat Red Hat, Inc. (formerly Red Hat Software, Inc.) is an American software company that provides open source software products to enterprises and

A distribution portal called Red Hat Exchange, reselling FOSS software with the original branding intact. However, by 2010, Red Hat had abandoned the Exchange program to focus their efforts more on their Open Source Channel Alliance which began in April 2009. Red Hat build of Keycloak (formerly known as Red Hat Single Sign-On) is a software product to allow single sign-on with Identity Management and Access Management aimed at modern applications and services. It

A division of Red Hat. On September 18, 2006, Red Hat released the Red Hat Application Stack, which integrated the JBoss technology and which was certified by other well-known software vendors. On December 12, 2006, Red Hat stock moved from trading on NASDAQ (RHAT) to the New York Stock Exchange (RHT). In 2007 Red Hat acquired MetaMatrix and made an agreement with Exadel to distribute its software. On March 15, 2007, Red Hat released Red Hat Enterprise Linux 5, and in June acquired Mobicents. On March 13, 2008, Red Hat acquired Amentra,

A newsletter called Under the Brim. Wide Open magazine first appeared in March 2004, as a means for Red Hat to share technical content with subscribers regularly. The Under the Brim newsletter and Wide Open magazine merged in November 2004, to become Red Hat Magazine. In January 2010, Red Hat Magazine became Opensource.com. In April 2023 Red Hat went through company layoffs and laid off the team maintaining Opensource.com. In 2007, Red Hat announced that it had reached an agreement with some free software and open-source (FOSS) companies that allowed it to make

A provider of systems integration services for service-oriented architecture, business process management, systems development, and enterprise data services. On July 27, 2009, Red Hat replaced CIT Group in Standard and Poor's 500 stock index, a diversified index of 500 leading companies of the U.S. economy. This was reported as a major milestone for Linux. On December 15, 2009, it

A single point of failure, scalable to the exabyte level. Ceph replicates data and makes it fault-tolerant, using commodity hardware and requiring no specific hardware support. Ceph's system offers disaster recovery and data redundancy through techniques such as replication, erasure coding, snapshots and storage cloning. As a result of its design, the system is both self-healing and self-managing, aiming to minimize administration time and other costs. In this way, administrators have

A single, consolidated system that avoids silos and collects the storage within a common management framework. Ceph consolidates several storage use cases and improves resource utilization. It also lets an organization deploy servers where needed. Red Hat operates OpenShift, a cloud computing platform as a service, supporting applications written in Node.js, PHP, Perl, Python, Ruby, JavaEE and more. On July 31, 2018, Red Hat announced

Is a regression of CVE-2006-5051, reintroduced in OpenSSH 8.5p1 (October 2020) due to the accidental removal of a crucial directive that had mitigated the earlier vulnerability. The directive transformed unsafe calls into a safe _exit(1) call. Note: the following versions refer to the upstream versions. Checking the versions shipped by Linux distributions is not enough to determine whether an installation is vulnerable, as many have backported fixes to older versions. For example, Debian's OpenSSH version 9.7p1-7 and Rocky Linux's OpenSSH version 8.7p1-38.4 are also NOT vulnerable. According to Qualys,
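As an added defender-side example (not from the article, Qualys or the OpenSSH project), the following Python helper classifies an sshd banner against the upstream range 8.5p1 to 9.7p1 and flags builds carrying a distribution comment as needing a vendor check, since backported fixes mean the version number alone does not prove exposure. The banner layout it parses and the verdict strings are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# Upstream OpenSSH releases reported as affected: 8.5p1 through 9.7p1.
# The "pN" suffix only marks the portable build, so the range is compared
# on (major, minor); 9.8 / 9.8p1 and later carry the fix.
VULN_FIRST = (8, 5)
VULN_LAST = (9, 7)

# Assumed banner layout (not taken from the article):
#   "SSH-2.0-OpenSSH_<major>.<minor>[p<portable>][ <vendor comment>]"
_BANNER_RE = re.compile(
    r"^SSH-\d\.\d+-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)(?:p\d+)?(?P<rest>.*)$"
)


@dataclass(frozen=True)
class Assessment:
    version: Tuple[int, int]   # (major, minor) parsed from the banner
    in_upstream_range: bool    # 8.5 <= version <= 9.7
    vendor_tagged: bool        # distro comment present, e.g. " Debian-7"
    verdict: str


def assess_banner(banner: str) -> Assessment:
    """Classify one sshd banner; raises ValueError if it is not OpenSSH."""
    m = _BANNER_RE.match(banner.strip())
    if m is None:
        raise ValueError(f"not an OpenSSH banner: {banner!r}")
    version = (int(m["major"]), int(m["minor"]))
    in_range = VULN_FIRST <= version <= VULN_LAST
    vendor_tagged = bool(m["rest"].strip())
    if not in_range:
        verdict = "outside 8.5p1-9.7p1: not affected by regreSSHion"
    elif vendor_tagged:
        # Debian's 9.7p1-7 and Rocky's 8.7p1-38.4 are in-range numbers that
        # already carry a backported fix, so defer to the vendor advisory.
        verdict = "in-range number on a distro build: check the vendor advisory"
    else:
        verdict = "upstream build in the affected range: update to 9.8p1 or later"
    return Assessment(version, in_range, vendor_tagged, verdict)


def triage(banners: Iterable[str]) -> Dict[str, int]:
    """Count banners per verdict so a fleet-wide scan can be summarised."""
    counts: Dict[str, int] = {}
    for banner in banners:
        verdict = assess_banner(banner).verdict
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```

A banner with no vendor comment can still come from a distribution build with a backported fix (Rocky Linux's sshd, for instance, announces a plain version number), so the "affected range" verdict is a prompt to verify the installed package, not proof of exposure.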

Is a subsidiary of IBM. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina, with other offices worldwide. Red Hat has become associated to a large extent with its enterprise operating system Red Hat Enterprise Linux. With the acquisition of open-source enterprise middleware vendor JBoss, Red Hat also offers Red Hat Virtualization (RHV), an enterprise virtualization product. Red Hat provides storage, operating system platforms, middleware, applications, management products, support, training, and consulting services. Red Hat creates, maintains, and contributes to many free software projects. It has acquired


Is based on the open-source project Keycloak, which acts as an upstream project. Red Hat Subscription Management (RHSM) combines content delivery with subscription management. Red Hat is the largest contributor to the Ceph Storage SDS project: Block, File & Object Storage which runs on industry-standard x86 servers and Ethernet IP as well as ARM, InfiniBand, and other technologies. Ceph aims primarily for completely distributed operation without

Is its Network Passive Sensor service, an advanced technology layer that monitors network traffic and detects what is on the network that needs to be secured. The Network Passive Sensor immediately sends asset metadata to the Qualys Cloud Platform, where it is analyzed for comprehensive security insights. In 2021, Courtot resigned from his role as Qualys' CEO for health reasons after leading the company for two decades. Sumedh Thakar became president and CEO following Courtot. He

The Condor High-Throughput Computing System community and also provides support for the software. The Tuna performance-monitoring tool runs in the MRG environment. Red Hat produced the online publication Opensource.com from January 20, 2010. The site highlights ways open-source principles apply in domains other than software development. The site tracks the application of open-source philosophy to business, education, government, law, health, and life. The company originally produced

The One Laptop per Child initiative (a non-profit organization established by members of the MIT Media Lab) to design and produce an inexpensive laptop and try to provide every child in the world with access to open communication, open knowledge, and open learning. The XO-4 laptop, the last machine the project produced (in 2012), runs a slimmed-down version of Fedora 17 as its operating system. Avi Kivity began

The codebases of several proprietary software products through corporate mergers and acquisitions, and has released such software under open source licenses. As of March 2016, Red Hat is the second largest corporate contributor to the Linux kernel version 4.14 after Intel. On October 28, 2018, IBM announced its intent to acquire Red Hat for $34 billion. The acquisition closed on July 9, 2019. It now operates as an independent subsidiary. In 1993, Bob Young incorporated

The freedesktop.org project. Dogtail, an open-source automated graphical user interface (GUI) test framework initially developed by Red Hat, consists of free software released under the GNU General Public License (GPL) and is written in Python. It allows developers to build and test their applications. Red Hat announced the release of Dogtail at the 2006 Red Hat Summit. Red Hat MRG is

The "Best Privilege Escalation Bug" and "Most Under-Hyped Research" categories. In November 2023, Qualys released its Enterprise TruRisk Platform, which aggregates cyber risk signals to provide a risk-scoring framework for companies to measure and reduce IT risk. In February 2024, Qualys became the first cloud native application protection platform (CNAPP) to also cover SaaS apps. Qualys TotalCloud gathers and unifies cloud data from multi-cloud environments, giving IT departments better visibility to address security issues. In May 2024, Qualys launched

The ACC Corporation, a catalog business that sold Linux and Unix software accessories. In 1994, Marc Ewing created his own Linux distribution, which he named Red Hat Linux (associated with the time Ewing wore a red Cornell University lacrosse hat, given to him by his grandfather, while attending Carnegie Mellon University). Ewing released the software in October, and it became known as

The Halloween release. Young bought Ewing's business in 1995, and the two merged to become Red Hat Software, with Young serving as chief executive officer (CEO). Red Hat went public on August 11, 1999, achieving—at the time—the eighth-biggest first-day gain in the history of Wall Street. Matthew Szulik succeeded Bob Young as CEO in December of that year. Bob Young went on to found

The IBM/Red Hat deal". The acquisition was closed on July 9, 2019. Red Hat is the primary sponsor of the Fedora Project, a community-supported free software project that aims to promote the rapid progress of free and open-source software and content. Red Hat operates on a business model based on open-source software, development within a community, professional quality assurance, and subscription-based customer support. They produce open-source code so that more programmers can make adaptations and improvements. Red Hat sells subscriptions for


The LoginGraceTime period (default 120 seconds). When this timeout occurs, sshd's SIGALRM handler is called asynchronously, invoking functions that are not safe to use in signal handlers, such as syslog(). In versions earlier than 4.4p1, an attacker could exploit the free() call made during syslog() within the signal handler. However, in versions from 8.5p1 to 9.7p1, both the free() and malloc() functions are targeted. This vulnerability

The Raleigh operation, and investing over US$109 million. The state of North Carolina is offering up to US$15 million in incentives. The second phase involves "expansion into new technologies such as software virtualization and technology cloud offerings". On August 25, 2011, Red Hat announced it would move about 600 employees from the N.C. State Centennial Campus to the Two Progress Plaza building. A ribbon cutting ceremony

The bug was named "regreSSHion" as a reference to a regression bug affecting OpenSSH. Qualys Qualys, Inc. is an American technology firm based in Foster City, California, specializing in cloud security, compliance and related services. Qualys has over 10,300 customers in more than 130 countries. The company has strategic partnerships with major managed services providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. Qualys has been described as "one of

The development of KVM in mid-2006 at Qumranet, a technology startup company that was acquired by Red Hat in 2008. Red Hat is the largest contributor to the GNOME desktop environment. It has several employees working full-time on Evolution, the official personal information manager for GNOME. Init system and system/service manager for Linux systems. Network-capable sound server program distributed via

The earliest software-as-a-service security vendors." Philippe Courtot first invested in the company in 1999. He became CEO and board chair in 2001. Courtot described Qualys as addressing a "mounting need for automatic detection of network vulnerabilities" when he announced the second round of financing. The company launched QualysGuard in 2000, making Qualys one of the first entrants in

The following month Red Hat introduced Red Hat Linux Advanced Server, later renamed Red Hat Enterprise Linux (RHEL). Dell, IBM, HP and Oracle Corporation announced their support of the platform. In December 2005, CIO Insight magazine conducted its annual "Vendor Value Survey", in which Red Hat ranked #1 in value for the second year in a row. Red Hat stock became part of the NASDAQ-100 on December 19, 2005. Red Hat acquired open-source middleware provider JBoss on June 5, 2006, and JBoss became

The ongoing conflict in Gaza. On October 28, 2018, IBM announced its intent to acquire Red Hat for US$34 billion, in one of its largest-ever acquisitions. The company will operate out of IBM's Hybrid Cloud division. Six months later, on May 3, 2019, the US Department of Justice concluded its review of IBM's proposed Red Hat acquisition, and according to Steven J. Vaughan-Nichols "essentially approved

The online print on demand and self-publishing company, Lulu in 2002. On November 15, 1999, Red Hat acquired Cygnus Solutions. Cygnus provided commercial support for free software and housed maintainers of GNU software products such as the GNU Debugger and GNU Binutils. One of the founders of Cygnus, Michael Tiemann, became the chief technical officer of Red Hat and by 2008

The release of Istio 1.0, a microservices management program used in tandem with the Kubernetes platform. The software purports to provide "traffic management, service identity and security, policy enforcement and telemetry" services in order to streamline Kubernetes use under the various Fedora-based operating systems. Red Hat's Brian Redbeard Harring described Istio as "aiming to be a control plane, similar to

The support, training, and integration services that help customers in using their open-source software products. Customers pay one set price for unlimited access to services such as Red Hat Network and up to 24/7 support. In September 2014, however, CEO Jim Whitehurst announced that Red Hat was "in the midst of a major shift from client-server to cloud-mobile". Rich Bynum, a member of Red Hat's legal team, attributes Linux's success and rapid development partially to open-source business models, including Red Hat's. Red Hat engineers worked with


The vice president of open-source affairs. Later Red Hat acquired WireSpeed, C2Net, Hell's Kitchen Systems, and Akopia. In February 2000, InfoWorld awarded Red Hat its fourth consecutive "Operating System Product of the Year" award for Red Hat Linux 6.1. Red Hat acquired Planning Technologies, Inc. in 2001 and AOL's iPlanet directory and certificate-server software in 2004. Red Hat moved its headquarters from Durham to North Carolina State University's Centennial Campus in Raleigh, North Carolina in February 2002. In

The vulnerability management market. This software could automatically scan corporate local area networks (LANs) for vulnerabilities and search for an available patch. The company subsequently added compliance, malware detection, and web application scanning to its platform. Qualys went public on the Nasdaq under the stock ticker QLYS on September 28, 2012, raising net proceeds of $87.5 million. In 2015, Qualys launched its cloud platform and lightweight cloud agent, aimed at providing continuous monitoring of an organization's IT infrastructure and applications. The cloud platform introduced several new features designed to help organizations address cybersecurity and compliance issues. Another security service that Qualys offers

Was held on June 24, 2013, in the re-branded Red Hat Headquarters. In 2012, Red Hat became the first one-billion-dollar open-source company, reaching US$1.13 billion in annual revenue during its fiscal year. Red Hat passed the $2 billion benchmark in 2015. As of February 2018 the company's annual revenue was nearly $3 billion. On October 16, 2015, Red Hat announced its acquisition of IT automation startup Ansible, rumored for an estimated US$100 million. In June 2017, Red Hat announced the Red Hat Hyperconverged Infrastructure (RHHI) 1.0 software product. In May 2018, Red Hat acquired CoreOS. Red Hat's links to Israel's military and professed support for Israel have also led to some controversy and calls for boycott during

Was previously president and Chief Product Officer at Qualys. In August 2021, Qualys partnered with Red Hat to bring Qualys' Cloud Agent to Red Hat Enterprise Linux (RHEL) CoreOS and Red Hat OpenShift. The CoreOS Cloud Agent for OpenShift works with Qualys' Container Security Runtime, delivering continuous packages and vulnerabilities for the entire OpenShift stack. Qualys won two Pwnie Awards in 2021, in

Was reported that Red Hat will pay US$8.8 million to settle a class action lawsuit related to the restatement of financial results from July 2004. The suit had been pending in the U.S. District Court for the Eastern District of North Carolina. Red Hat reached the proposed settlement agreement and recorded a one-time charge of US$8.8 million for the quarter that ended Nov. 30. On January 10, 2011, Red Hat announced that it would expand its headquarters in two phases, adding 540 employees to
