In the new RHEL 8.3, Intel’s TSX is now disabled by default. There are also many other updates from the security and administration areas.
With the new release 8.3 Red Hat updates its Linux distribution for business. RHEL now disables Intel’s Transactional Synchronization Extensions (TSX) by default. This is for security reasons, since the TSX Asynchronous Abort (TAA) vulnerability in certain Xeon processors represents a serious security hole.
Users can, however, activate TSX manually if they wish, and it can also be done in the BIOS setup of most systems also switch off. TSX – formerly known as transactional memory – is primarily intended to accelerate databases. TAA has been known since 2018 and Intel drew sharp criticism for its late security updates that don’t quite fix it.
News for the system roles
Also expanded Red Hat has its system roles, which can be used to specify and automate configurations. New features include support for kernel parameters, log settings, as well as SAP HANA and SAP NetWeaver. Furthermore, the administrator can now use the system roles to make security configurations for identity management, certificate management and network-bound disk encryption (NBDE).
There is also an update for Tuned that improves the performance of the RHEL system optimized with preconfigured profiles for the respective server architecture. Also on board are new SCAP (Secure Content Automation Protocol) profiles for the Center for Internet Security (CIS) and HIPAA, which is a US health information protection law. With the SCAP profiles, companies should increase the security of their systems with the help of best practices and technical standards.
In addition, the application streams will receive an update, which now support Node.js 14 and Ruby 2.7, among other things. The tool separates frameworks for developers, databases and container tools from core components of the operating system. In addition, there are many updates for packages, readers can find details on this in the announcement of the release. The predecessor 8.2 saw the light of day in April 2020, while RHEL 8 was released in 2019 and will be supported for ten years.