Vulnerability Summary for the Week of June 12, 2017

Please Note:

• The vulnerabilities are categorized by their level of severity which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore, you can search the status of that particular vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| gnome -- libcroco | The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | 2017-06-12 | 7.1 | CVE-2017-8871, MISC, EXPLOIT-DB |
| gnu -- glibc | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | 2017-06-12 | 7.5 | CVE-2014-9984, BID, CONFIRM, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | 2017-06-13 | 9.3 | CVE-2014-9960, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | 2017-06-13 | 9.3 | CVE-2014-9961, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | 2017-06-13 | 9.3 | CVE-2015-9023, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. | 2017-06-13 | 9.3 | CVE-2015-9025, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. | 2017-06-13 | 9.3 | CVE-2015-9028, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. | 2017-06-13 | 9.3 | CVE-2016-10340, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. | 2017-06-13 | 9.3 | CVE-2016-10342, BID, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. | 2017-06-13 | 9.3 | CVE-2017-7365, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. | 2017-06-13 | 7.6 | CVE-2017-7372, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. | 2017-06-13 | 9.3 | CVE-2017-8236, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. | 2017-06-13 | 9.3 | CVE-2017-8237, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. | 2017-06-13 | 9.3 | CVE-2017-8238, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. | 2017-06-13 | 9.3 | CVE-2017-8240, CONFIRM |
| google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. | 2017-06-13 | 9.3 | CVE-2017-8241, CONFIRM |
| iodata -- ts-wrla_firmware | I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 2017-06-09 | 9.0 | CVE-2016-7819, CONFIRM, BID, JVN |
| iodata -- ts-wrla_firmware | Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | 2017-06-09 | 9.0 | CVE-2016-7820, CONFIRM, BID, JVN |
| iodata -- wfs-sr01_firmware | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-06-09 | 10.0 | CVE-2016-7806, CONFIRM, BID, JVN |
| libquicktime -- libquicktime | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | 2017-06-12 | 7.1 | CVE-2017-9122, EXPLOIT-DB |
| skygroup -- skysea_client_view | SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | 2017-06-09 | 10.0 | CVE-2016-7836, BID, CONFIRM, JVN, CONFIRM |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bluez -- bluez | Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. | 2017-06-09 | 4.6 | CVE-2016-7837, BID, CONFIRM, JVN |
| buffalotech -- wnc01wh_firmware | Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. | 2017-06-09 | 4.3 | CVE-2016-7821, CONFIRM, BID, JVN |
| buffalotech -- wnc01wh_firmware | Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. | 2017-06-09 | 6.8 | CVE-2016-7822, CONFIRM, BID, JVN |
| buffalotech -- wnc01wh_firmware | Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | 2017-06-09 | 6.5 | CVE-2016-7824, CONFIRM, BID, JVN |
| buffalotech -- wnc01wh_firmware | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. | 2017-06-09 | 4.0 | CVE-2016-7825, CONFIRM, BID, JVN |
| buffalotech -- wnc01wh_firmware | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. | 2017-06-09 | 4.0 | CVE-2016-7826, CONFIRM, BID, JVN |
| codecabin_ -- wp_live_chat_support | Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | 4.3 | CVE-2017-2187, JVN, CONFIRM |
| corega -- cg-wlbargnl_firmware | Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | 4.3 | CVE-2016-7808, CONFIRM, BID, JVN |
| corega -- cg-wlr300nx_firmware | Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. | 2017-06-09 | 6.8 | CVE-2016-7809, CONFIRM, BID, JVN |
| corega -- cg-wlr300nx_firmware | Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. | 2017-06-09 | 5.8 | CVE-2016-7811, CONFIRM, BID, JVN |
| cybozu -- dezie | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | 2017-06-09 | 5.0 | CVE-2016-7832, BID, JVN, CONFIRM |
| cybozu -- dezie | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | 2017-06- | | CVE-2016-7833, BID, JVN, CONFIRM |