BanyanOps have published a report stating that ‘Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities’, which include some of the sensational 2014 issues such as ShellShock and Heartbleed. The analysis also looks at user generated ‘general’ repositories and finds an even greater level of vulnerability.
Users and administrators of Red Hat-based Linux distributions version 6.6 should plan to update their systems as soon as possible due to the presence a significant bug that cause their system to deadlock.
Docker Inc have worked with the Center for Internet Security (CIS) to produce a benchmark document containing numerous recommendations for the security of Docker deployments. The benchmark was announced in a blog post ‘Understanding Docker Security and Best Practices’ by Diogo Mónica who was recently hired along with Nathan McCauley to lead the Docker Security team.
The Debian project has announced the new stable version of its operating system, codenamed “Jessie.” The new OS marks the shift to systemd, which replaces the previously used SystemV, and many more improvements.
The .NET Core runtime has realized the vision of being truly cross-platform with its arrival on Linux and Mac OS X. Last week at Microsoft Build, Microsoft Program Manager Habib Heydarian talked about how this benefits developers and where they can start to explore the new opportunities.
Microsoft has announced the release of a native Visual Studio application for Windows, Mac OS X, and Linux.
RancherOS claims to be a production-ready minimalist Linux distribution running on and dedicated to Docker containers. Fast booting, small binary fingerprint and alignment with latest Docker releases are some of the arguments supporting the claim.
Vincent Batts, senior software engineer at Red Hat, talked about Linux containers and Docker, covering the different storage drivers pros and cons, the image format and signing of images, at the virtualization developer room at FOSDEM.
Canonical has released the beta version of “snappy” Ubuntu Core, a lightweight and cloud-optimised version of Ubuntu Linux, on Microsoft Azure, Google Compute Engine and Amazon Web Services.
Canonical, the company behind Ubuntu, the most popular Linux distribution on the cloud launched a lightweight cloud-optimised version of the OS called Snappy Ubuntu Core.
For several months the developers of the popular Linux distribution Debian have had an intense internal debate as to whether the project should switch to systemd. Ultimately Debian has chosen to utilize systemd and as a result a new project has been announced that will instead remain on the previous system, sysvinit.
A remote exploit (CVE-2014-6271) has been in bash discovered that potentially affects any application that uses environment variables to pass data from unsanitised content, such as CGI scripts. After the release went public, other exploits were discovered (CVE-2014-7169). Official patches have been released to fix them. (Originally posted 24 September, updated 25, 26 and 29 September)
The recent vulnerabilities in the Bash shell initially stemmed from a remote execution exploit, which was patched and made available through responsible disclosure before being announced. However, since the initial release there have been other flaws detected which became zero day threats. What exactly was the problem with Shellshock, and is it truly fixed? InfoQ explains what happened.
Flocker is a volume and container management system for Docker based on ZFS. It allows for stateful containers, such as databases, to be moved between virtual or physical hosts. This provides a capability that is analogous to the live migration features of some virtual machine hypervisors. Version 0.1 has been released by ClusterHQ as an Apache 2.0 open source project.
CenturyLink has launched Panamax, a tool that they describe as ‘Docker Management for Humans’. Panamax distinguishes itself from other composition tools for Docker by offering a web based user interface, which can be used to compose multiple Docker containers into templates that can then be shared on GitHub.