Wednesday, October 26, 2016

Joomla! 3.6.4 Security Release

The Joomla! project has just released a new version that fixes two critical security vulnerabilities, in addition to a bug fix for two-factor authentication.

This is a security release for the 3.x series and it only contains the security fixes, no other changes have been made. It is strongly suggested that you update your Joomla! website to the latest version.

You can find more info about these issue at the Joomla! release news.

We have released Bitnami Joomla! 3.6.4 Docker image, cloud imagesinstallers and virtual machines that fix these issues.

Do you already have a Joomla! installation? You can follow our guide about how to upgrade your application and you won't have to worry about these vulnerabilities.

If you have further questions about Bitnami Joomla! or this security issue, please post to our community forum, and we would be happy to help you.

Thursday, October 20, 2016

Dirty COW (CVE-2016-5195): Privilege escalation vulnerability in the Linux Kernel

[2016-10-26]

All the affected cloud images and virtual machines have been successfully patched.

If you are using a Bitnami Cloud Hosting instance, you can easily patch it by following the guide below while we upgrade the base images.

[2016-10-24]

The Bitnami Team is happy to announce that our images on Google, Azure, AWS Marketplace and regular images have been properly updated. Additionally, we will continue to work on releasing the images for our all of our cloud platform partners and virtual machines.

----

A new security vulnerability in the linux kernel has been discovered. You can find out more information about it in the following research report.

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

This could be abused by an attacker to modify existing setuid files with instructions to elevate privileges.

We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami and our team is working to update all of the affected Virtual Machines and Cloud Images available through Bitnami for all Cloud Providers.

Once the new kernel is available, you can update it by running the following commands (you must run the command specific to your distribution):

  • Ubuntu / Debian
sudo apt-get update && sudo apt-get dist-upgrade 

You will have the fixed version of the kernel after rebooting your server.

  • Oracle Linux, Red Hat, CentOS and Amazon Linux
sudo yum update 

You will have the fixed version of the kernel after rebooting your server.

If you have any questions about this process, please post to our community support forum and we will be happy to help! 

Wednesday, October 12, 2016

Bitnami Fall 2016 All-Hands: Bringing Together a Global Team

The Bitnami Team, September 2016

Why We Do It: Building a Better Global Team


Bitnami prides itself on having a highly capable, distributed team with employees working across five continents and six countries (Australia, India, Poland, Spain, United Kingdom, Uruguay, and USA).

While we're pretty adept at collaborating remotely with each other, we also believe it's important to create opportunities for face-to-face interactions where co-workers, regardless of home location, can put a face to the username (we primarily use Slack and Google Hangouts to communicate).  As a consequence, we give a high priority to having a regular All-Hands meeting where all the Bitnami employees from across the globe meet in person for a week of work, followed by a weekend of play.

Additionally, when we get the team together in person we're able to effectively share our company-wide goals and work together on plans to achieve them. Face time also provides an opportunity for brainstorming and other free-form activities that can be challenging to conduct remotely.

Getting a distributed team together in-person is certainly not unique to Bitnami, but it is an important part of our culture that we want potential new-hires to understand.

How We Structure It: Cross-Team Presentations


Our most recent All-Hands was our largest yet, and the entire Bitnami team gathered in our Seville office for a week-long series of presentations and collaboration.

To kick off each day, all of our teams, from Engineering to Operations, SRE, Finance, Business Development, Marketing, and Product provided an update on their latest progress and the roadmap ahead. These team-specific sessions provide an opportunity for people across different teams to develop a more concrete understanding of how each team's work fits into the overall company goals, which helps us all be more effective in working together.








We then had experts within the teams present on a wide variety of deeper-dive or special topics, most of which were requested by teammates via a pre-event survey. Some of the more notable topics included:

  1. How to Build Immutable Infrastructure
  2. Bitnami Platform Overview & Architecture
  3. The Importance of "Default to Open"
  4. Engineering Manager Expectations
  5. Financial Dynamics of SaaS Business
  6. Cloud and Container Landscapes

Some of the most interesting discussions were the result of informal Q&A throughout the presentations, which yielded deeper insights from those team members who are the closest to the work and products we produce.

Week of Work, Weekend of Play


After a productive week in Seville, the entire group traveled to the picturesque town of Sigüenza, Spain, for a weekend of rest and relaxation.

To the rest of the team's surprise, our incredible Operations team secretly arranged for us to rent the entire Parador de Sigüenza (Castle of Sigüenza), a former medieval castle turned into a luxury hotel. Take a look:







The weekend activities were designed to help Bitnami employees get to know one another by developing shared experience outside of our day-to-day roles. We enjoyed everything from traditional Spanish meals in the Parador dining room, a treasure hunt, cooking lessons, hiking in the nearby village of Pelegrina, and the much anticipated Bitnami karaoke party:






Of course, the views from the hill-top castle weren't bad either:


It's safe to say our stay at the Parador de Sigüenza was a blast for all Bitnami employees, and we hope you will consider joining us before our next All-Hands! 

Take a look at our current job openings to see if there is a role that is a good fit for you: https://bitnami.com/careers