It seems like Lenovo releases a new BIOS firmeware every month for its ThinkPad, at least for the ThinkPad P1 Gen1. On July 21, the BIOS firmware version 1.31 was released. CHANGES IN THIS RELEASE Version 1.31 [Important updates] - Address CVE-2020-0548, (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2020-0548) - Address CVE-2020-0549, (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2020-0549) - Address CVE-2020-0543, (https://cve.mitre.org//cgi-bin//cvename.cgi?name=CVE-2020-0543) [New functions or enhancements] - Updated the CPU microcode. [Problem fixes] - Fixed an issue where Force PXE boot by Intel AMT did not work. This firmware supports both ThinkPad P1 Gen1 and ThinkPad X1 Extreme 1: ...

To change the passphrase on your default RSA key: ➜ ssh-keygen -p Enter file in which the key is (/home/kenno/.ssh/id_rsa): Enter new passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved with the new passphrase. Note that if you have more a different key, you can either supply it at the “Enter file in which key is” prompt or provide this file to the ssh-keygen argument with the -f option. E.g.: ...

In my previous blog post, Managing File System Encryption with LUKS, I showed how to create an encrypted partition (of disk) using LUKS. Today, I’d like to show you how we can change the passphrase on this LUKS encrypted partition and keeping this passphrase (key) in the same slot. While I’m writing this blog post, I cannot remember how to do this, and I’m going to try to figure this out without doing the Google search. :) ...

Update BIOS firmware version 1.9.1 is available for Dell Latitude 7400. This firmware was released on 30 June 2020. It is marked Urgent and contains the following fixes and enhancements: Fixes: Fixed the issue where the system cannot detect the Intel Software Guard Extensions (SGX) device when SGX is enabled. Firmware updates to address security advisory INTEL-SA-00295 (CVE-2020-0531, CVE-2020-0532, CVE-2020-0533, CVE-2020-0535, CVE-2020-0536, CVE-2020-0537, CVE-2020-0538, CVE-2020-0539, CVE-2020-0540, CVE-2020-0545, CVE-2020-0594, CVE-2020-0595, CVE-2020-0596, and CVE-2020-8674). Firmware updates to address the Intel Security Advisory INTEL-SA-00320 (CVE-2020-0543). Firmware updates to address the Intel Security Advisory INTEL-SA-00329 (CVE-2020-0548 and CVE-2020-0549). Firmware updates to address the Intel Security Advisory INTEL-SA-00322 (CVE-2020-0528 and CVE-2020-0529). Enhancements: ...

This blog post is mainly about my practicing of managing security risk on a RHEL system, especially learning how to use the occasionally option passed to YUM command. It is probably not a good resource teaching how to properly manage security risks in general. Identify all critical, important, and moderate security notices on this server. [root@puppet2 ~]# yum updateinfo --security Updating Subscription Management repositories. Red Hat Enterprise Linux 8 for x86_64 - Supplementary (RPMs) 21 kB/s | 2.1 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 27 kB/s | 2.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 475 B/s | 2.4 kB 00:05 EPEL8 x86_64 28 kB/s | 2.8 kB 00:00 Updates Information Summary: available 2 Security notice(s) 2 Important Security notice(s) Determine how many security-related packages are available for this machine. ...