Avatar photo
By: Marcus Meissner

March 29, 2024 5:33 pm

7,127 views

SUSE addresses supply chain attack against xz compression library

SUSE received notification of a supply chain attack against the "xz" compression tool and "liblzma5" library. Background Security Researcher Andres Freund reported to Debian that the xz / liblzma library had been backdoored. This backdoor was introduced in the upstream github xz project with release 5.6.0 in February 2024. For the […]

Read More


Avatar photo
By: Marcus Meissner

December 18, 2023 4:08 pm

8,487 views

SUSE addresses the SSH v2 protocol Terrapin Attack aka CVE-2023-48795

Today, on December 18th 2023, researchers from the Ruhr University Bochum published a protocol flaw in the SSH v2 protocol, codenamed Terrapin Attack. The flaw allows removing encrypted SSH messages at the begin of the communication, allowing downgrade of some security aspects of SSH connections. The flaw does not allow injecting new traffic or commands. […]

Read More


Avatar photo
By: Marcus Meissner

September 20, 2023 2:30 pm

3,628 views

GO and FIPS 140-2 / 140-3 certified cryptography

The current FIPS 140-2 and ongoing FIPS 140-3 certification efforts by SUSE cover a wide range of system libraries and its users, and the Linux Kernel. One gap recently closed is the missing FIPS 140 support for applications written in the GO language. To allow building GO binaries with cryptography compliant to FIPS 140, SUSE […]

Read More


Avatar photo
By: Marcus Meissner

April 3, 2023 12:44 pm

4,748 views

SUSE Linux Enterprise and SBOM support

After recent supply chain attacks and with ever increasing security automation especially the software inventory management becomes more and more important. Governments and other regulated industries now require publishing a so called Software Bill Of Materials (SBOM) to software products. Various SBOM formats have appeared in the market. SUSE has started to publish SBOM in […]

Read More


Avatar photo
By: Marcus Meissner

September 15, 2022 2:14 pm

3,132 views

SUSE adds security automation support for Kernel Live Patches

SUSE has found that security automation is not handling SUSEs kernel livepatches very well. To understand the underlying problem and ways toward a solution, lets first look at the underlying concepts. Kernel Livepatching Kernel livepatching is a technology where functions within a running Linux kernel are patched to fix security issues, without rebooting or even […]

Read More


Avatar photo
By: Marcus Meissner

July 4, 2022 11:26 am

5,975 views

Applying DISA STIG hardening to SLES installations

Introduction The DISA and SUSE have authored a STIG (Secure Technical Implementation Guide) that describes how to harden a SUSE Linux Enterprise system. The STIG is a long list of rules, each containing description, detection of problems and how to remediate problems on a per rule basis. While originally STIGs are supposed to applied manually, […]

Read More


Avatar photo
By: Marcus Meissner

March 8, 2022 12:58 pm

6,630 views

SUSE statement on “Dirty Pipe” attack

On Monday, March 7th, security researcher Max Kellermann published a new software vulnerability that affect users of the Linux Kernel. The vulnerability, called Dirty Pipe (CVE-2022-0847) , impacts Linux Kernels 5.8 and later, and allows local attackers to overwrite files even if they had only read permissions, allowing for easy privilege escalation. The issue is […]

Read More


Avatar photo
By: Marcus Meissner

December 12, 2021 8:49 am

20,323 views

SUSE Statement on log4j / log4shell / CVE-2021-44228 / Vulnerability

On Friday December 10 morning a new exploit in "log4j" Java logging framework was reported, that can be trivially exploited. This vulnerability is caused by a new feature introduced in log4j 2.x versions where a specific string embedded in messages logged by log4j would be interpreted by log4j to connect to remote sites […]

Read More


Avatar photo
By: Marcus Meissner

July 27, 2020 8:39 am

27,835 views

SUSE addresses BootHole security exposure

Security researchers from Eclypsium have published an attack called BootHole today. This attack requires root access to the bootloader used in Linux operating systems, GRUB2. It bypasses normal Secure Boot protections to persistently install malicious code which cannot be detected by the operating system. Given the need for root access to the bootloader, the described […]

Read More