Red Hat Enterprise Linux 8.7 released

Red Hat has released Red Hat Enterprise Linux 8.7. Installation builds are prepared for the x86_64, s390x (IBM System z), ppc64le, and Aarch64 architectures, but are available for download only to registered Red Hat Customer Portal users. The Red Hat Enterprise Linux 8 rpm packages are distributed through the CentOS Git repository. The 8.x branch is maintained in parallel with the RHEL 9.x branch and will be supported until at least 2029.

New releases are prepared according to the development cycle, which means a release every six months at a predetermined time. Until 2024, the 8.x branch will be in the full support phase, which includes functional improvements; after that it will move to the maintenance phase, where priorities shift to bug fixes and security, with minor improvements to support critical hardware.

Key changes:

  • The tooling for preparing system images has been expanded: it now supports uploading images to GCP (Google Cloud Platform), placing an image directly into a container registry, adjusting the size of the /boot partition, and adjusting parameters (Blueprint) during image creation (for example, adding packages and creating users).
  • The Clevis client (clevis-luks-systemd) can now be used to automatically unlock LUKS-encrypted disk partitions that are mounted at a late boot stage, without having to run the "systemctl enable clevis-luks-askpass.path" command.
  • A new xmlstarlet package has been added, which includes utilities for parsing, transforming, validating, extracting data from, and editing XML files.
  • Identity Management gained the ability to authenticate users through external providers (IdP, identity provider) that support the OAuth 2.0 "Device Authorization Grant" protocol extension, which issues OAuth access tokens to devices without using a browser.
  • The capabilities of the system roles have been expanded: the network role gained support for configuring routing rules and for using the nmstate API; the logging role gained support for filtering by regular expressions (startmsg.regex, endmsg.regex); the storage role gained support for thinly provisioned volumes ("thin provisioning"); the sshd role gained the ability to manage settings through /etc/ssh/sshd_config; the metrics role gained export of Postfix performance statistics; the firewall role gained the ability to overwrite the previous configuration and support for adding, updating, and removing services depending on state.
  • Updated server and system packages: chrony 4.2, unbound 1.16.2, opencryptoki 3.18.0, powerpc-utils 1.3.10, libva 2.13.0, PCP 5.3.7, Grafana 7.5.13, SystemTap 4.7, NetworkManager 1.40, samba 4.16.1.
  • New versions of compilers and developer tools are included: GCC Toolset 12, LLVM Toolset 14.0.6, Rust Toolset 1.62, Go Toolset 1.18, Ruby 3.1, java-17-openjdk (java-11-openjdk and java-1.8.0-openjdk also continue to ship), Maven 3.8, Mercurial 6.2, Node.js 18, Redis 6.2.7, Valgrind 3.19, Dyninst 12.1.0, elfutils 0.187.
  • sysctl configuration processing has been changed to match systemd directory parsing: configuration files in the /etc/sysctl.d directory now take priority over those in the /run/sysctl.d directory.
  • The ReaR (Relax-and-Recover) toolkit gained the ability to execute commands before and after recovery.
  • The NSS libraries no longer support RSA keys smaller than 1023 bits.
  • The time iptables-save takes to save very large iptables rule sets has been significantly reduced.
  • Protection against SSBD (spec_store_bypass_disable) and STIBP (spectre_v2_user) attacks has been switched from "seccomp" to "prctl", which has a positive effect on the performance of containers and applications that use the seccomp mechanism to restrict access to system calls.
  • The driver for Intel E800 Ethernet adapters supports the iWARP and RoCE protocols.
  • The nfsrahead utility is included and can be used to change NFS read-ahead settings.
  • In the Apache httpd settings, the value of the LimitRequestBody parameter has been changed from 0 (no limit) to 1 GB.
  • A new make-latest package has been added, which includes the latest version of the make utility.
  • Support for performance monitoring on systems with AMD Zen 2 and Zen 3 processors has been added to libpfm and papi.
  • SSSD (System Security Services Daemon) added support for caching SID requests (for example, GID / UID checks) in RAM, which speeds up copying large numbers of files through a Samba server. Support for integration with Windows Server 2022 is provided.
  • For 64-bit IBM POWER (ppc64le), packages have been added to support the Vulkan graphics API.
  • Support has been added for the new AMD Radeon RX 6[345]00 and AMD Ryzen 5/7/9 6[689]00 GPUs. Support for Intel Alder Lake-S and Alder Lake-P GPUs is now enabled by default; it previously required setting the i915.alpha_support=1 or i915.force_probe=* parameter.
  • In the web console, support for configuring crypto policies has been added, as well as the ability to download and install RHEL in a virtual machine, a button for separately installing only patches for the Linux kernel, expanded diagnostic reports, and an option to reboot after the installation of updates completes.
  • Support for the ap-check command has been added to mdevctl for configuring passthrough of crypto accelerators to virtual machines.
  • Full support for the VMware ESXi hypervisor and the SEV-ES (AMD Secure Encrypted Virtualization-Encrypted State) extensions has been implemented. Support has been added for Azure cloud environments with processors based on the Ampere Altra architecture.
  • The tooling for managing isolated containers has been updated, including packages such as Podman, Buildah, Skopeo, crun, and runc. Support has been added for GitLab Runner in containers with the Podman runtime. The netavark utility and the Aardvark DNS server are provided for configuring the container network subsystem.
  • To control protection against the vulnerabilities in the MMIO (Memory Mapped Input Output) mechanism, the kernel boot parameter "mmio_stale_data" has been implemented. It accepts the values "full" (buffers are cleared on transitions to user space and to a VM), "full,nosmt" (as "full", with SMT / Hyper-Threads additionally disabled), and "off" (protection is disabled).
  • To control protection against the Retbleed vulnerability, the "retbleed" kernel boot parameter has been implemented; with it you can disable the protection ("off") or select the mitigation algorithm (auto, nosmt, ibpb, unret).
  • The acpi_sleep kernel boot parameter supports new options for controlling sleep mode: s3_bios, s3_mode, s3_beep, s4_hwsig, s4_nohwsig, old_ordering, nonvs, sci_force_enable, and nobl.
  • Added new drivers for Maxlinear Ethernet GPY (mxl-gpy), Realtek 802.11ax 8852A (rtw89_8852a), Realtek 802.11ax 8852AE (rtw89_8852ae), Modem Host Interface (MHI), AMD PassThru Cirr (DMA) DRM DisplayPort (drm_dp_helper), Intel® Software Defined Silicon (intel_sdsi), Intel PMT (pmt_*), AMD SPI Master Controller (spi-amd).
  • Expanded support for the eBPF kernel subsystem.
  • Experimental (Technology Preview) support continues to be provided for AF_XDP, XDP hardware offloading, Multipath TCP (MPTCP), MPLS (Multi-protocol Label Switching), DSA (data streaming accelerator), KTLS, dracut, kexec fast reboot, nispor, DAX in ext4 and xfs, systemd-resolved, accel-config, igc, OverlayFS, Stratis, Software Guard Extensions (SGX), NVMe/TCP, DNSSEC, GNOME on ARM64 and IBM Z systems, AMD SEV for KVM, Intel vGPU, Toolbox.
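
The following Python check is an added example, not code from the article or from Red Hat. It audits a kernel command line for the "mmio_stale_data" and "retbleed" parameters described in the list above, using only the values the list names. The function names, the sample command line, and the "last occurrence wins" handling of repeated parameters are assumptions of this example.

```python
"""Audit a kernel command line for the mitigation switches named above."""
import pathlib

# Values exactly as listed in the article for each boot parameter.
ALLOWED = {
    "mmio_stale_data": {"full", "full,nosmt", "off"},
    "retbleed": {"off", "auto", "nosmt", "ibpb", "unret"},
}


def classify(param, value):
    """Map a parameter value to default / disabled / explicit / unrecognized."""
    if value is None:
        return "default"          # not on the command line: kernel default applies
    if value == "off":
        return "disabled"         # mitigation switched off by the administrator
    return "explicit" if value in ALLOWED[param] else "unrecognized"


def audit_cmdline(cmdline):
    """Return {param: (value, status)} for every parameter in ALLOWED."""
    seen = {}
    for token in cmdline.split():
        key, sep, value = token.partition("=")
        if sep and key in ALLOWED:
            # Simplification: a repeated parameter is resolved as "last one wins".
            seen[key] = value
    return {p: (seen.get(p), classify(p, seen.get(p))) for p in ALLOWED}


def findings(cmdline):
    """List the parameters that need attention (disabled or unrecognized)."""
    return sorted(p for p, (_, status) in audit_cmdline(cmdline).items()
                  if status in ("disabled", "unrecognized"))


# Constructed sample command line, not taken from a real host.
SAMPLE = ("BOOT_IMAGE=/vmlinuz root=/dev/mapper/rhel-root ro "
          "mmio_stale_data=full,nosmt retbleed=off quiet")

if __name__ == "__main__":
    live = pathlib.Path("/proc/cmdline")
    text = live.read_text() if live.exists() else SAMPLE
    for param, (value, status) in audit_cmdline(text).items():
        print(f"{param}: value={value!r} status={status}")
    print("needs attention:", findings(text))
```

Run on a host, it reads /proc/cmdline; elsewhere it falls back to the constructed sample, for which it reports "retbleed" as disabled.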

Source: opennet.ru
