Home Tags MOD

Tag: MOD

SimCentric Technologies to exhibit at ITEC at Rotterdam, Netherlands – 16th...

SimCentric Technologies will be exhibiting at ITEC in Rotterdam, 16th – 18th May 2017. With vast ongoing global investment in the VBS3 virtual platform including UK MoD (DVS), US Army (GFT) and US Marine Corps (DVTE & ISMT), SimCentric’s value adding VBS3 middleware maximizes the return on this financial and training investment for militaries worldwide.

At ITEC, SimCentric will be demonstrating their flagship VBS3 FiresFST Pro enabling full spectrum offensive fires, close air support and... Source: RealWire

Sid Meier tells Civilization’s origin story, cites children’s history books

Lack of mod support was “horribly wrong;” responds to question about remaster.

KopiLuwak: A New JavaScript Payload from Turla

A new, unique JavaScript payload is now being used by Turla in targeted attacks.

This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents.

UK fails to gag press over ID of ex-spy at center...

EnlargeSpencer Platt/Getty Images reader comments 48 Share this story His name is now scribbled all over the Web, and the ex-MI6 man who is alleged to have compiled a dossier containing unsubstantiated and lurid claims about US President-elect Donald Trump is reportedly in hiding. However, despite the details being readily available online, the UK's ministry of defence—following a long-standing practice—politely requested the British press to carefully consider the potential consequences of disclosing the individual's name.
In a letter to editors and publishers, retired RAF Air Vice-Marshal Andrew Vallance, who holds the post of defence and security media advisory secretariat, said on Wednesday: In view of media stories alleging that a former SIS [secret intelligence service; MI6] officer was the source of the information which allegedly compromises president-elect Donald Trump, would you and your journalists please seek my advice before making public that name. The guidance was given through fear that revealing the identity of the ex-MI6 man "could assist terrorist or other hostile organisations." Nonetheless, the BBC and other major British news organisations have disclosed details of the individual, whose name and current directorship at a London-based private security firm was initially published in the US press and heavily shared on social media. But such a decision by the BBC and others is a stark departure from the past when publications and broadcasters that received a so-called D-notice (defence notice), later replaced by a DA-notice (defence advisory notice), would often fall into line with the MoD's request in a very British spirit of collaboration. Enlarge / Google quit the D-notice committee in response to the Snowden revelations. NOVA/PBS The D-notice first came into play in 1912, two years before World War I broke out, when Whitehall mandarins decided that an organisation should be created that addressed matters of national interest. Members of the press were included on the advisory panel, and they remain so to this day. However, the makeup has changed a little: the likes of Google representatives have sat on the committee, for example, though, the US ad giant withdrew its voluntary support in light of Edward Snowden's damning disclosures about the NSA. Historically, publishers and editors have largely responded in kind to the frightfully polite requests from the MoD. Members of the committee have long argued that it doesn't amount to censorship from the British government, instead insisting that they are simply exercising restraint with stories that may, on reflection, damage national security.

But Vallance and his predecessors can only gently nudge the press to consider the sensitive material they have in their possession before publishing it. Where disputes arise between the government and publications, Vallance works independently as a go-between to "help resolve disagreement about what should be disclosed" before any legal action is taken against the press to suppress information by way of a court injunction. But today, the relevance of the D-notice—as it continually tends to be described—seems to be slowly ossifying, and we can see this from the decision by the likes of the BBC to publish the name of the ex-spy at the centre of the uncorroborated Trump dossier story, which claims that Russia has compromising information about the president-elect. In 2015, in acknowledgement that it was becoming increasingly difficult to put a lid on sensitive information being shared online, the UK government renamed the DA-notice to the Defence and Security Media Advisory (DSMA)—a system which currently costs £250,000 a year to run.

The inclusion of the word "security" is perhaps there to try to make it crystal clear to the media that supposedly risky disclosures endanger not only military and spook-types, but also British citizens. But, while it continues to try to sign up more digital and social media representatives, the DSMA committee has admitted that there is "no obvious answer" to the challenges presented by the Web.
It has previously argued that the "mainstream media" remains the superior source for news, regardless of gossipy tittle-tattle—no matter how inflammatory or lacking in reality—that is shared online.

Events in recent months, though, seem to suggest that the line is more blurred than ever before because it is far less clear who is setting the news agenda. We're in for a long four years if the answer turns out to be Trump's Twitter account. This post originated on Ars Technica UK

US Navy runs into snags with aircraft carrier’s electric plane-slingshot

EMAL system was nearly bought by the UK. Bullet dodged? Oh no The US Navy is having difficulties with its latest aircraft carrier's Electromagnetic Aircraft Launching System (EMALS) – the same system which the UK mooted fitting to its new Queen Elizabeth-class carriers. The US Department of Operational Test and Evaluation (DOTE) revealed yesterday, in its end-of-year report [PDF] for financial year 2016, that the EMALS fitted to the new nuclear-powered carrier USS Gerald R. Ford put "excessive airframe stress" on aircraft being launched. This stress "will preclude the Navy from conducting normal operations of the F/A-18A-F and EA-18G from CVN 78", according to DOTES, which said the problem had first been noticed in 2014. In addition, EMALS could not "readily" be electrically isolated for maintenance, which DOTE warned "will preclude some types of EMALS and AAG (Advanced Arresting Gear) maintenance during flight operations", decreasing their operational availability. The Gerald R. Ford is supposed to be able to launch 160 sorties in a 12-hour day – an average of one takeoff or landing every 4.5 minutes. She is supposed to be able to surge to 270 sorties in a 24-hour period. Britain considered fitting EMALS to its two new Queen Elizabeth-class aircraft carriers right back at the design stage. Indeed, the ability to add catapults and arrester gear to the ships was specified right from the start. Lewis Page, late of this parish, summed up what happened when the government tried to exercise that option: "... it later got rescinded, on the grounds that putting catapults into the ships was not going to cost £900m – as the 2010 [Strategic Defence and Security Review] had estimated – but actually £2bn for [HMS] Prince of Wales and maybe £3bn for Queen Elizabeth. This would double the projected price of the two ships." The Aircraft Carrier Alliance – heavily dominated by BAE Systems – had not designed the new carriers to have EMALS fitted at all, taking advantage of naïve MoD civil servants who didn't get a price put into the contract for the conversion work. Bernard Gray, chief of defence materiel, told Parliament in 2013: Because the decision to go STOVL [that is the initial decision for jumpjets] was taken in, from memory, 2002, no serious work had been done. It had been noodled in 2005, but no serious work had been done on it. It was not a contract-quality offer; it was a simple assertion that that could be done, but nobody said, "It can be done at this price", and certainly nobody put that in a contract. The US woes with EMALS are not complete showstoppers. EMALS is a new design, technology and piece of equipment, up against mature steam-powered catapult tech which hasn't really changed in more than five decades. Gerald R. Ford is the first-of-class of the new breed of US aircraft carriers which will see that country's navy through to the second half of this century. That said, the fact that problems identified in 2014 are still a problem two years later, and make it impossible to safely deploy fully-loaded combat aircraft, may come back to bite the US Navy. Oddly, Gerald R. Ford's timetable for introduction into service – handover to the USN early this year, flight testing in 2018 and 2019, and operational deployment by 2021 – closely mirrors that of HMS Queen Elizabeth. Britain's new aircraft carriers have no catapult system at all. The only fast jets capable of flying from them are Harriers (as operated by the US Marine Corps) and the F-35B. HMS Queen Elizabeth, whose sea trials date keeps slipping back to later and later this year, is planned to carry about 20 F-35s on her first operational deployment to the South China Sea in 2021. Sources tell The Register that plans to operate F-35s from land bases once they are delivered to the UK have been shelved in favour of getting Queen Elizabeth to sea with as large an air wing as possible. Previously, military planners were working on the assumption that just 12 jets would be carried aboard QE on her first operational deployment, with the rest left in the UK for the RAF to play with. Sponsored: Next gen cybersecurity. Visit The Register's security hub

British military laser death ray cannon contract still awarded, MoD confirms

Sound familiar? Yes, you read it on El Reg last July The Ministry of Defence has today re-announced for the third time that it has awarded a £30m contract to build a great big feck-off laser cannon for zapping the Queen's enemies. Originally awarded in July 2016 to the Dragonfire consortium, the Laser Directed Energy Weapons (LDEW) contract immediately stalled after a challenge to the contract award by an unknown number of losing companies. The MoD eventually settled the contract dispute last September, stating at the time that the deal had gone through. While exciting, in the way that setting about an old shed with a sledgehammer and a couple of gallons of petrol is exciting, the LDEW project is certainly not new. The Dragonfire consortium – made up of BAE Systems, Leonardo (formerly known as Finmeccanica, parent company of infamous British helicopter firm AgustaWestland), Cambridge-based Marshall Defence and Aerospace, and Hampshire-based defence research company Qinetiq – is charged with building the demonstrator weapon, and a working prototype is hoped for by 2019. It will have to meet five criteria to satisfy defence chiefs, including tracking targets in all weathers, maintaining sustained operation over a period of time, and various safety-related criteria, mostly aimed at ensuring the laser's operators or innocent bystanders don't get accidentally fried. Harriet Baldwin, minister for defence procurement, said in a canned statement: "The UK has long enjoyed a reputation as a world leader in innovation and it is truly ground-breaking projects like the Laser Directed Energy Weapon which will keep this country ahead of the curve." The obvious long-term practical application for the laser would be aboard a warship, and perhaps one of the first aged Type 23 frigates to be retired in the next five or six years could have her hull life extended to serve as a trials platform. As the press get excited over the new laser cannon, however, it is important to remember that the Type 45 air defence destroyers are not completely reliable when operating in warm seas, HMS Queen Elizabeth's sea trials date is quietly slipping back, F-35 deliveries still continue at a pathetic drip-feed rate, and the RN still has no replacement anti-ship missiles lined up for when its current weapons are retired in 2018 – though sources tell El Reg that the UK is exploring options for this with France. Various news outlets including the BBC, the Sun and the Daily Star (traditionally a very fertile ground for planted Andy McNabb-type tales of carefully anonymised derring-do from the front line) decided to run this hoary old news about the laser cannon today as if it was actually new. It's one thing to get excited over a new giant zapper but it's begun to wear a bit thin after the third repetition without any actual progress having been made. ® Sponsored: Next gen cybersecurity.
Visit The Register's security hub

RHBA-2017:0017-1: Red Hat OpenShift Enterprise 2.2.11 bug fix and enhancement update

Red Hat OpenShift Enterprise release 2.2.11 is now available with updatedpackages that fix several bugs and add various enhancements. OpenShift Enterprise by Red Hat is the company's cloud computingPlatform-as-a-Service (PaaS) solution designed for on-premise orprivate cloud deployments.This update fixes the following bugs:* The routing daemon (RD) can now be configured with multiple F5 BIG-IP hosts.During F5 configurations, the RD tries to connect to the first configured host.If it fails, it retries each successive host until it connects to a host orexhausts its host list.

The RD now correctly sends a NACK response to ActiveMQwhen operations fail.

ActiveMQ redelivers the message, causing the RD to retry.The RD's communication with ActiveMQ, logging of errors, and handling of errorresponses from F5 BIG-IP improved.

This enables the RD to continue operationwith the F5 BIG-IP cluster even if the RD loses contact with the cluster,improving the RD's behavior when multiple instances are run in a clusteredconfiguration.

The RD is more resilient against losing contact with individualF5 BIG-IP hosts in a cluster of F5 BIG-IP hosts and functions better when run ina clustered configuration.

The RD elicits fewer error responses from F5 BIG-IPand provides better logs, making error diagnosis easier. (BZ#1227472)* Users can now allow the provided database connection helper functions mysql(),psql(), and mongo() to be overwritten.

This allows users to overwrite the helperfunctions to easily connect to external databases. Users can now define mysql(),psql(), and mongo() functions in their $OPENSHIFT_DATA_DIR/.bash_profile, whichcan be used within an SSH connection to a gear. (BZ#1258033)* HAProxy cookies were inconsistently named. Requests to an HA application werenot always being routed to the correct gear.

This fix changes the cookie naminglogic so that the cookie name reflects which back-end gear is handling therequest.

As a result, all back-end HAProxy gears should now return the samecookie name and the requests should be properly routed to the correct back-endgear. (BZ#1377433)* EWS Tomcat 7 can now be configured on nodes to use either EWS 2 or EWS 3channels, allowing an administrator an option of what EWS version the EWS 2cartridge deploys.

This option was enabled to allow administrators to takeadvantage of the EWS 3 lifecycle and security or bug updates that it receivescompared to the maintenance lifecycle that EWS 2 is currently receiving.Administrators have options or can mix and match EWS versions (with nodeprofiles) on what Tomcat version is installed when an EWS 2 cartridge iscreated. (BZ#1394328)* The new version of PIP (7.1.0) no longer accepted insecure (HTTP) mirrors.Also, PIP attempted to create and then write files into the .cache directory,which users do not have permission to create post-installation.

As a result,Python dependencies failed to be installed.The default PyPi mirror URL is now updated to use a secure connection (HTTPS).The directory .cache is created during installation in advance so it can be usedlater by PIP. With this fix, Python dependencies can be fetched from the PyPimirror and installed properly. (BZ#1401120)* When using a gear's UUID in the logical volume name, a grep in the oo-acceptnode caused oo-accept-node to fail.

The grep was fixed with this update. Usingthe gear UUID in the logical volume name no longer causes oo-accept-node tofail. (BZ#1401124)* Previously, moving a gear with many aliases reloaded Apache for each alias.The excess aliases caused the gear move to timeout and fail. With this fix, agear move will now update Apache once with an array of of aliases instead ofupdating after each alias. (BZ#1401132)* Previously, node-proxy did not specify to use cipher order, so the order didnot matter when using a custom cipher order.

This fix makes the node-proxy honorthe cipher order.

Custom cipher orders will now take the cipher order in accountwhen choosing a cipher. (BZ#1401133)All OpenShift Enterprise 2 users are advised to upgrade to these updatedpackages. Red Hat OpenShift Enterprise 2 SRPMS: openshift-enterprise-upgrade-2.2.11-1.el6op.src.rpm     MD5: 7ec16aed5fc59ed2890c39c512535506SHA-256: 684678600d7a39ada09613e3e8f2131ff1c0302d9e3041a187cebf76675ecaaa openshift-origin-cartridge-haproxy-1.31.7.1-1.el6op.src.rpm     MD5: a1f1449b05688c5a980633d6c7d944f3SHA-256: 2929f1d04ea76635016830e108b098bbada8b45efc7bb53c73eb445ab77c830a openshift-origin-cartridge-python-1.34.4.1-1.el6op.src.rpm     MD5: 3dcfe8900468bbf667affe2bf00a696eSHA-256: 4d29292623e415e1d5775a3f7e097d7f6a6c315d66c2a29b68e806788180ce2d openshift-origin-msg-node-mcollective-1.30.3.1-1.el6op.src.rpm     MD5: d997b5a2ad85f8d336f207978d7bd6a3SHA-256: 8894b0fdc2fb0a033626bbbd4e1ccb2eaeb3b3b8f9fb6b3d6c3904077f3d1d0c openshift-origin-node-proxy-1.26.4.1-1.el6op.src.rpm     MD5: 0a9ef5709ecdb7a38e2fb62c5be21a3dSHA-256: 5be7a48d2364bc0448f88d6a63a5be81270902695d674466c3a36d8fc5c6062c openshift-origin-node-util-1.38.8.1-1.el6op.src.rpm     MD5: de83fb1a8228c3965286c5ec20162e32SHA-256: 832c41d74199362210989ef8c73b6e463f9116d23e3b934107f6135106e9e5a5 rubygem-openshift-origin-frontend-apache-mod-rewrite-0.8.2.1-1.el6op.src.rpm     MD5: 16a356b09fa38aeb1c0dd6077b9170c6SHA-256: c6fcb52c44e805b4a2d3bd52845d3aae477a15cc9b3eadea8db4d92cff6b9cb8 rubygem-openshift-origin-frontend-apache-vhost-0.13.3.1-1.el6op.src.rpm     MD5: e8dd00e793be08b117ac994405b260b4SHA-256: 09b5e3a38406ed813841204b7247faa840cdf9e5bc031b1acf4ae4e6ddf3ebb1 rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.5.3.1-1.el6op.src.rpm     MD5: 84be2c2e546dcf2d5e1c00f482347865SHA-256: d8e741d5123a3b4702c431f61e2e4f19415268f15536c8aeb4d4148a113f0fda rubygem-openshift-origin-frontend-nodejs-websocket-0.4.2.1-1.el6op.src.rpm     MD5: 78a15fbefa3e00fe25cd350b59195172SHA-256: 9e414c68803f45a0ec50a0a7f700bb80c168401ca3038310c45f624e33eb6354 rubygem-openshift-origin-node-1.38.7.1-1.el6op.src.rpm     MD5: 21ef886a44b03c688d48846fed34b974SHA-256: aeddbeafb1f58d2b2349ad5fa97fe3f5188bf5b905e0938aa3169bfe0746fdde rubygem-openshift-origin-routing-daemon-0.26.7.4-1.el6op.src.rpm     MD5: 1744e26a273c397078b83ea4946f7836SHA-256: c039f8d023321d8eed0c09b123b171f27c866860705d45aa05b85f82faedf346   x86_64: openshift-enterprise-release-2.2.11-1.el6op.noarch.rpm     MD5: 2014a606a47b5e5491341a1381f83ccfSHA-256: c211f0dd8c3efba9d8f2840a7e418f2096dbfbb47f13a8ec7cf7929e38e6162f openshift-enterprise-upgrade-broker-2.2.11-1.el6op.noarch.rpm     MD5: 74e50b025859ef9d22efaea0771d1dfaSHA-256: e9fac95a23aa696dfb4c1e4cc8cf33d5cabfb0d9ea4a7f29925936635b6f6078 openshift-enterprise-upgrade-node-2.2.11-1.el6op.noarch.rpm     MD5: 43b23128a6f8508f872f199f11e99844SHA-256: 2182ab628c84f5bdcc4fff537aadd260894787a2c2a47d2501912b7190b8ea4d openshift-enterprise-yum-validator-2.2.11-1.el6op.noarch.rpm     MD5: af77a0545ff330278c6cd6b02671695aSHA-256: b867d00bda0f52d6ba6a98a74f4303c0df9b4b74405e0487131fb3180ec2150e openshift-origin-cartridge-haproxy-1.31.7.1-1.el6op.noarch.rpm     MD5: 749c76f4c105f7ad2b8b4599c393eb39SHA-256: 51eccf1effbf4e287e5d7d22432c5c17e94ee5b03a082e40a38811a29fffb34f openshift-origin-cartridge-python-1.34.4.1-1.el6op.noarch.rpm     MD5: 5a2b1bc49dc51b6e1d27418dcbdebe92SHA-256: d1d081769812ca7ff3a109144639e5f0fdfa6879354959e1a4907b21316565d1 openshift-origin-msg-node-mcollective-1.30.3.1-1.el6op.noarch.rpm     MD5: 4f7a36fe214d0ff3c73b03f420455451SHA-256: 3571f7067485b72a67d8de2d6f22ddc06bb8e09128047011cb1c54084eb9e6d4 openshift-origin-node-proxy-1.26.4.1-1.el6op.noarch.rpm     MD5: f422b78254bc9e061281b769b6257905SHA-256: 2d0fe749cbedb32b5feaa5c871bf38c6cad7f27a90cea0f8466f774974781166 openshift-origin-node-util-1.38.8.1-1.el6op.noarch.rpm     MD5: 8a4247c0b621b63656b4fdbfaf48f9e7SHA-256: ab960e297a55df5a662793af11e6b540ebab93df6c3edb32610597afbecaacc8 rubygem-openshift-origin-frontend-apache-mod-rewrite-0.8.2.1-1.el6op.noarch.rpm     MD5: 95210c17c2f0cc126b6b0756f6ca3fc3SHA-256: 22362fee3fa68b4ad59ed0a883948d5561d425b67a3396438e408c6df3bbab56 rubygem-openshift-origin-frontend-apache-vhost-0.13.3.1-1.el6op.noarch.rpm     MD5: 59411dfa22500844ee7c995cbb3e855dSHA-256: 307fc8948cbbad0548562b7dfd01c7cc976346f9974c30f63801a6ae5925f540 rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.5.3.1-1.el6op.noarch.rpm     MD5: 19897e4896ccdf8f527eeef81334dd86SHA-256: 2139ed1ff65db053d722c9a61c0490d5a1e3457bc05b7a746bb1e398c60786cb rubygem-openshift-origin-frontend-nodejs-websocket-0.4.2.1-1.el6op.noarch.rpm     MD5: a1d083fdbe96c3a50a44317d43f16f2aSHA-256: adad2d5496b14a6310eb947e4d07eecc2f892a4c8a6223473718ad006bcc761b rubygem-openshift-origin-node-1.38.7.1-1.el6op.noarch.rpm     MD5: f0863b65b63e9e85f9cfc3eef3029980SHA-256: 3e1c1250766b63670687ff4ae1e8327229e82b738057bb22758544a24cdc3fc2 rubygem-openshift-origin-routing-daemon-0.26.7.4-1.el6op.noarch.rpm     MD5: 1a08ee809815b4c0e231a98deec953d0SHA-256: be88d6d1f339675e91ca18087c9af6825afbb26f9abc2570188fb715c83fe57c   (The unlinked packages above are only available from the Red Hat Network) 1258033 - Allow the override of pre-defined function for database connections1377433 - haproxy configuration in HA gears sets inconsistent cookie values, breaking session affinity1394328 - [RFE] EWS 2 cartridge should be able to use EWS 3 binaries.1401120 - pip permission error prevents installing on python-2.7 cartridge1401124 - oo-accept-node reports missing quota if filesystem name contains gear uuid1401132 - Moving gears with many aliases causes excessive number of apache reloads These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Army social media psyops bods struggling to attract fresh blood

'We have no recruiting targets,' says indignant MoD spin doctor Army social media psyops unit 77 Brigade is struggling to reel in new government cyber-warriors in spite of a recruitment publicity blitz last year, according to the Ministry of Defence. The "brigade" – in reality a unit slightly smaller than an infantry battalion, with a target manning strength of 448 people – is under strength by about 40 per cent, according to figures released under the Freedom of Information Act. Of those 448, 182 of them are supposed to be full-time soldiers, sailors and airmen, while 266 are part-time reservists bringing in specialist skills from the civilian world. A fortnight ago the unit, known as the Security Assistance Group (SAG) until July 2015, had only 276 personnel on its books. Just 123 of those were reservists, meaning 77 Bde has a shortfall of 29 regulars and 143 reserves. In the last year just 125 soldiers were recruited to 77 Bde, or posted into it from elsewhere in the Army. The unit forms part of the government's wider efforts to tackle hostile use of social media by, among others, Islamist terrorists, Russian hackers and state-backed fake news and propaganda agencies such as Russia Today (RT) and Iran's Press TV.
In addition, it is also supposed to engage in the dark arts of destabilising Britain's foes by starting whispering campaigns among their supporters and potential supporters. The SAG was formed in 2014 to combine the Army's Media Operations Group, 15 (UK) Psychological Operations Group, the Security Capacity Building Team and the Military Stabilisation and Support Group.
It was rebranded 77 Brigade after 18 months when someone inside the MoD thought it would be a good idea to link them with Brigadier Orde Wingate's famous guerrilla unit the Chindits, who fought hundreds of miles behind Japanese lines in the Far East during the Second World War. 77 Bde maintains small Facebook and Twitter presences in its own name. The modern-day 77 Bde is split into six "columns", of which the fifth column is the media ops and civil affairs sub-unit – perhaps a military bureaucrat's little joke. "I can confirm that the Army is pleased with the rate of growth of the Brigade and that it is attracting trained personnel of the right knowledge, skill and experience required for its roles," insisted an MoD spin doctor in the ministry's response to the original FoI request.

The response also claimed that 77 Bde has "no set recruiting targets". "The shortfall in the reserve numbers is partly due to the recent increase in liability... but is, in the main, due to the fact 77 Brigade is a new formation and it takes time for this capability to be built up," he added. ® Sponsored: Next gen cybersecurity.
Visit The Register's security hub

RHSA-2017:0001-1: Moderate: ipa security update

An update for ipa is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofModerate.

A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Red Hat Identity Management (IdM) is a centralized authentication, identitymanagement, and authorization solution for both traditional and cloud-basedenterprise environments.Security Fix(es):* It was discovered that the default IdM password policies that lock outaccounts after a certain number of failed login attempts were also applied tohost and service accounts.

A remote unauthenticated user could use this flaw tocause a denial of service attack against kerberized services. (CVE-2016-7030)* It was found that IdM's certprofile-mod command did not properly check theuser's permissions while modifying certificate profiles.

An authenticated,unprivileged attacker could use this flaw to modify profiles to issuecertificates with arbitrary naming or key usage information and subsequently usesuch certificates for other attacks. (CVE-2016-9575)The CVE-2016-7030 issue was discovered by Petr Spacek (Red Hat) and theCVE-2016-9575 issue was discovered by Liam Campbell (Red Hat). Red Hat Enterprise Linux Desktop (v. 7) SRPMS: ipa-4.4.0-14.el7_3.1.1.src.rpm     MD5: 576b41a8c1b18c2e20f50c749933aa3dSHA-256: 37bc73696ba34985a175c3e0f8d7dce2def3104a1a07c956ae9f054798adc33b   x86_64: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 892071be5108114a063beede2c4b86ddSHA-256: 8fab8435e6761fa33a84ba0e2b98bf694243e5d271451b8c6a9504de32736bc0 ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 6803dd5daf22f86cf63e67be2360624aSHA-256: 82f67c7dad1b0d6c74eaff7c11dde7efcbc9f678b4443dc0fa40b9dd29c59481 ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 1a48cbf68a2878a6760b065472b5fb4eSHA-256: fcdf5f52d6ae40fc3b37c6c539a1b82e2d29cf15116c37596bdf79e2d4630368 ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: d6ef1589b9b8d899d74d0006b867f917SHA-256: e302d53a7a3a0fe249ec4ef13cf71af6ddeaab10956fb1530aae3fe892211b57 ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 07c85fadd5882a836eb3136c748fc0d5SHA-256: 136e9969c55d755a95529ae1ed63b2d2704995f2a4c3f1c9cc787c1bae6afe51 ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 8dfbd7199aa7b92365ea2ebbb2ea0846SHA-256: 496aff9208b02416a4a28694e48d596b6c703590f45ad9e2fa382cdf03197673 ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 89a81f4738e59a763932b10a03b08341SHA-256: 451c92d375628834712cbc3f0713550378300c9e9243ff90ad85fe680e330774 ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 6100a755fafa8ca8726720d17f5ce021SHA-256: 022bc4d0ae640d9d5e51c2ba0bcad6fbb76a8e4169f63f95ed71f44462b0e2d4 ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 0ec54b7fbd688d09b5b7e1eaa2b6e616SHA-256: 5761da6f5419300c3ac59409414c74a7fc0e649e6143655d825286d0ae7e08a4 ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: f9fbc69fca9d9a28aba2e5971134e724SHA-256: dd9bce221914ba50ee6496c86d29cad09e0db05de1ed22222291d4650b362675 python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 14e1bac72de76a87b0a7dbc24663734dSHA-256: bd567334c15b8231a9dcf1ea0bce7ace647b74498e8469406491e7ade9b3c7e7 python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: aa20cf79bc95d8924328bbeb351ddffaSHA-256: 042eaa4732f83e0dd4e065458a2ed8eb0381d1d9a4e263dfad3f18da75b83311 python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 08ab48262849ad75b754e3064bb51e83SHA-256: 3f896f2828270c7e8af41161438bd8fd9bd08e840e1c1783ee5caa5bc7a66c31   Red Hat Enterprise Linux HPC Node (v. 7) SRPMS: ipa-4.4.0-14.el7_3.1.1.src.rpm     MD5: 576b41a8c1b18c2e20f50c749933aa3dSHA-256: 37bc73696ba34985a175c3e0f8d7dce2def3104a1a07c956ae9f054798adc33b   x86_64: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 892071be5108114a063beede2c4b86ddSHA-256: 8fab8435e6761fa33a84ba0e2b98bf694243e5d271451b8c6a9504de32736bc0 ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 6803dd5daf22f86cf63e67be2360624aSHA-256: 82f67c7dad1b0d6c74eaff7c11dde7efcbc9f678b4443dc0fa40b9dd29c59481 ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 1a48cbf68a2878a6760b065472b5fb4eSHA-256: fcdf5f52d6ae40fc3b37c6c539a1b82e2d29cf15116c37596bdf79e2d4630368 ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: d6ef1589b9b8d899d74d0006b867f917SHA-256: e302d53a7a3a0fe249ec4ef13cf71af6ddeaab10956fb1530aae3fe892211b57 ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 07c85fadd5882a836eb3136c748fc0d5SHA-256: 136e9969c55d755a95529ae1ed63b2d2704995f2a4c3f1c9cc787c1bae6afe51 ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 8dfbd7199aa7b92365ea2ebbb2ea0846SHA-256: 496aff9208b02416a4a28694e48d596b6c703590f45ad9e2fa382cdf03197673 ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 89a81f4738e59a763932b10a03b08341SHA-256: 451c92d375628834712cbc3f0713550378300c9e9243ff90ad85fe680e330774 ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 6100a755fafa8ca8726720d17f5ce021SHA-256: 022bc4d0ae640d9d5e51c2ba0bcad6fbb76a8e4169f63f95ed71f44462b0e2d4 ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 0ec54b7fbd688d09b5b7e1eaa2b6e616SHA-256: 5761da6f5419300c3ac59409414c74a7fc0e649e6143655d825286d0ae7e08a4 ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: f9fbc69fca9d9a28aba2e5971134e724SHA-256: dd9bce221914ba50ee6496c86d29cad09e0db05de1ed22222291d4650b362675 python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 14e1bac72de76a87b0a7dbc24663734dSHA-256: bd567334c15b8231a9dcf1ea0bce7ace647b74498e8469406491e7ade9b3c7e7 python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: aa20cf79bc95d8924328bbeb351ddffaSHA-256: 042eaa4732f83e0dd4e065458a2ed8eb0381d1d9a4e263dfad3f18da75b83311 python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 08ab48262849ad75b754e3064bb51e83SHA-256: 3f896f2828270c7e8af41161438bd8fd9bd08e840e1c1783ee5caa5bc7a66c31   Red Hat Enterprise Linux Server (v. 7) SRPMS: ipa-4.4.0-14.el7_3.1.1.src.rpm     MD5: 576b41a8c1b18c2e20f50c749933aa3dSHA-256: 37bc73696ba34985a175c3e0f8d7dce2def3104a1a07c956ae9f054798adc33b   PPC: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 892071be5108114a063beede2c4b86ddSHA-256: 8fab8435e6761fa33a84ba0e2b98bf694243e5d271451b8c6a9504de32736bc0 ipa-client-4.4.0-14.el7_3.1.1.ppc64.rpm     MD5: 8922023fbcb8a26e047d98773b58dac0SHA-256: 21f1fc8a7eec678ba829cfd170f21db1c7a67df47baf36429c241430bb6fb716 ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 1a48cbf68a2878a6760b065472b5fb4eSHA-256: fcdf5f52d6ae40fc3b37c6c539a1b82e2d29cf15116c37596bdf79e2d4630368 ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: d6ef1589b9b8d899d74d0006b867f917SHA-256: e302d53a7a3a0fe249ec4ef13cf71af6ddeaab10956fb1530aae3fe892211b57 ipa-debuginfo-4.4.0-14.el7_3.1.1.ppc64.rpm     MD5: faa68ab0f496db2070f7481e58234a22SHA-256: 6f2ced81dbff51356e48fd84094969e64abe22795897f9fbcc88f182ab00bdcf ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 8dfbd7199aa7b92365ea2ebbb2ea0846SHA-256: 496aff9208b02416a4a28694e48d596b6c703590f45ad9e2fa382cdf03197673 python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 14e1bac72de76a87b0a7dbc24663734dSHA-256: bd567334c15b8231a9dcf1ea0bce7ace647b74498e8469406491e7ade9b3c7e7 python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: aa20cf79bc95d8924328bbeb351ddffaSHA-256: 042eaa4732f83e0dd4e065458a2ed8eb0381d1d9a4e263dfad3f18da75b83311   PPC64LE: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 892071be5108114a063beede2c4b86ddSHA-256: 8fab8435e6761fa33a84ba0e2b98bf694243e5d271451b8c6a9504de32736bc0 ipa-client-4.4.0-14.el7_3.1.1.ppc64le.rpm     MD5: 406f4285ca17fab0d4fc724865759474SHA-256: f03cb9a9ad4cf92ef3e6be7e2f751a4112cf10166ce3f22f1450e57deb445996 ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 1a48cbf68a2878a6760b065472b5fb4eSHA-256: fcdf5f52d6ae40fc3b37c6c539a1b82e2d29cf15116c37596bdf79e2d4630368 ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: d6ef1589b9b8d899d74d0006b867f917SHA-256: e302d53a7a3a0fe249ec4ef13cf71af6ddeaab10956fb1530aae3fe892211b57 ipa-debuginfo-4.4.0-14.el7_3.1.1.ppc64le.rpm     MD5: 8eeffa3f73efc62d380abaf9372145e1SHA-256: 10997c52f622e753ae75e8d00918e026ca86227cf52cc7d2f9ee9a764a001d81 ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 8dfbd7199aa7b92365ea2ebbb2ea0846SHA-256: 496aff9208b02416a4a28694e48d596b6c703590f45ad9e2fa382cdf03197673 python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 14e1bac72de76a87b0a7dbc24663734dSHA-256: bd567334c15b8231a9dcf1ea0bce7ace647b74498e8469406491e7ade9b3c7e7 python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: aa20cf79bc95d8924328bbeb351ddffaSHA-256: 042eaa4732f83e0dd4e065458a2ed8eb0381d1d9a4e263dfad3f18da75b83311   s390x: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 892071be5108114a063beede2c4b86ddSHA-256: 8fab8435e6761fa33a84ba0e2b98bf694243e5d271451b8c6a9504de32736bc0 ipa-client-4.4.0-14.el7_3.1.1.s390x.rpm     MD5: 6c3003297a734c4b1cb967a4d6248947SHA-256: 17519262213359ed891f036c467289fc743bb652e58897e621603e79e36e8c33 ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 1a48cbf68a2878a6760b065472b5fb4eSHA-256: fcdf5f52d6ae40fc3b37c6c539a1b82e2d29cf15116c37596bdf79e2d4630368 ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: d6ef1589b9b8d899d74d0006b867f917SHA-256: e302d53a7a3a0fe249ec4ef13cf71af6ddeaab10956fb1530aae3fe892211b57 ipa-debuginfo-4.4.0-14.el7_3.1.1.s390x.rpm     MD5: edff709c629da0b889b6de2082d3513dSHA-256: 17bbbe517d09df51909c4efb1c252e40fd94433557f2667e0c8cb4ff064d2774 ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 8dfbd7199aa7b92365ea2ebbb2ea0846SHA-256: 496aff9208b02416a4a28694e48d596b6c703590f45ad9e2fa382cdf03197673 python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 14e1bac72de76a87b0a7dbc24663734dSHA-256: bd567334c15b8231a9dcf1ea0bce7ace647b74498e8469406491e7ade9b3c7e7 python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: aa20cf79bc95d8924328bbeb351ddffaSHA-256: 042eaa4732f83e0dd4e065458a2ed8eb0381d1d9a4e263dfad3f18da75b83311   x86_64: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 892071be5108114a063beede2c4b86ddSHA-256: 8fab8435e6761fa33a84ba0e2b98bf694243e5d271451b8c6a9504de32736bc0 ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 6803dd5daf22f86cf63e67be2360624aSHA-256: 82f67c7dad1b0d6c74eaff7c11dde7efcbc9f678b4443dc0fa40b9dd29c59481 ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 1a48cbf68a2878a6760b065472b5fb4eSHA-256: fcdf5f52d6ae40fc3b37c6c539a1b82e2d29cf15116c37596bdf79e2d4630368 ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: d6ef1589b9b8d899d74d0006b867f917SHA-256: e302d53a7a3a0fe249ec4ef13cf71af6ddeaab10956fb1530aae3fe892211b57 ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 07c85fadd5882a836eb3136c748fc0d5SHA-256: 136e9969c55d755a95529ae1ed63b2d2704995f2a4c3f1c9cc787c1bae6afe51 ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 8dfbd7199aa7b92365ea2ebbb2ea0846SHA-256: 496aff9208b02416a4a28694e48d596b6c703590f45ad9e2fa382cdf03197673 ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 89a81f4738e59a763932b10a03b08341SHA-256: 451c92d375628834712cbc3f0713550378300c9e9243ff90ad85fe680e330774 ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 6100a755fafa8ca8726720d17f5ce021SHA-256: 022bc4d0ae640d9d5e51c2ba0bcad6fbb76a8e4169f63f95ed71f44462b0e2d4 ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 0ec54b7fbd688d09b5b7e1eaa2b6e616SHA-256: 5761da6f5419300c3ac59409414c74a7fc0e649e6143655d825286d0ae7e08a4 ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: f9fbc69fca9d9a28aba2e5971134e724SHA-256: dd9bce221914ba50ee6496c86d29cad09e0db05de1ed22222291d4650b362675 python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 14e1bac72de76a87b0a7dbc24663734dSHA-256: bd567334c15b8231a9dcf1ea0bce7ace647b74498e8469406491e7ade9b3c7e7 python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: aa20cf79bc95d8924328bbeb351ddffaSHA-256: 042eaa4732f83e0dd4e065458a2ed8eb0381d1d9a4e263dfad3f18da75b83311 python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 08ab48262849ad75b754e3064bb51e83SHA-256: 3f896f2828270c7e8af41161438bd8fd9bd08e840e1c1783ee5caa5bc7a66c31   Red Hat Enterprise Linux Server TUS (v. 7.3) SRPMS: ipa-4.4.0-14.el7_3.1.1.src.rpm     MD5: 576b41a8c1b18c2e20f50c749933aa3dSHA-256: 37bc73696ba34985a175c3e0f8d7dce2def3104a1a07c956ae9f054798adc33b   x86_64: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 892071be5108114a063beede2c4b86ddSHA-256: 8fab8435e6761fa33a84ba0e2b98bf694243e5d271451b8c6a9504de32736bc0 ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 6803dd5daf22f86cf63e67be2360624aSHA-256: 82f67c7dad1b0d6c74eaff7c11dde7efcbc9f678b4443dc0fa40b9dd29c59481 ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 1a48cbf68a2878a6760b065472b5fb4eSHA-256: fcdf5f52d6ae40fc3b37c6c539a1b82e2d29cf15116c37596bdf79e2d4630368 ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: d6ef1589b9b8d899d74d0006b867f917SHA-256: e302d53a7a3a0fe249ec4ef13cf71af6ddeaab10956fb1530aae3fe892211b57 ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 07c85fadd5882a836eb3136c748fc0d5SHA-256: 136e9969c55d755a95529ae1ed63b2d2704995f2a4c3f1c9cc787c1bae6afe51 ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 8dfbd7199aa7b92365ea2ebbb2ea0846SHA-256: 496aff9208b02416a4a28694e48d596b6c703590f45ad9e2fa382cdf03197673 ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 89a81f4738e59a763932b10a03b08341SHA-256: 451c92d375628834712cbc3f0713550378300c9e9243ff90ad85fe680e330774 ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 6100a755fafa8ca8726720d17f5ce021SHA-256: 022bc4d0ae640d9d5e51c2ba0bcad6fbb76a8e4169f63f95ed71f44462b0e2d4 ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 0ec54b7fbd688d09b5b7e1eaa2b6e616SHA-256: 5761da6f5419300c3ac59409414c74a7fc0e649e6143655d825286d0ae7e08a4 ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: f9fbc69fca9d9a28aba2e5971134e724SHA-256: dd9bce221914ba50ee6496c86d29cad09e0db05de1ed22222291d4650b362675 python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 14e1bac72de76a87b0a7dbc24663734dSHA-256: bd567334c15b8231a9dcf1ea0bce7ace647b74498e8469406491e7ade9b3c7e7 python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: aa20cf79bc95d8924328bbeb351ddffaSHA-256: 042eaa4732f83e0dd4e065458a2ed8eb0381d1d9a4e263dfad3f18da75b83311 python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 08ab48262849ad75b754e3064bb51e83SHA-256: 3f896f2828270c7e8af41161438bd8fd9bd08e840e1c1783ee5caa5bc7a66c31   Red Hat Enterprise Linux Workstation (v. 7) SRPMS: ipa-4.4.0-14.el7_3.1.1.src.rpm     MD5: 576b41a8c1b18c2e20f50c749933aa3dSHA-256: 37bc73696ba34985a175c3e0f8d7dce2def3104a1a07c956ae9f054798adc33b   x86_64: ipa-admintools-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 892071be5108114a063beede2c4b86ddSHA-256: 8fab8435e6761fa33a84ba0e2b98bf694243e5d271451b8c6a9504de32736bc0 ipa-client-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 6803dd5daf22f86cf63e67be2360624aSHA-256: 82f67c7dad1b0d6c74eaff7c11dde7efcbc9f678b4443dc0fa40b9dd29c59481 ipa-client-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 1a48cbf68a2878a6760b065472b5fb4eSHA-256: fcdf5f52d6ae40fc3b37c6c539a1b82e2d29cf15116c37596bdf79e2d4630368 ipa-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: d6ef1589b9b8d899d74d0006b867f917SHA-256: e302d53a7a3a0fe249ec4ef13cf71af6ddeaab10956fb1530aae3fe892211b57 ipa-debuginfo-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 07c85fadd5882a836eb3136c748fc0d5SHA-256: 136e9969c55d755a95529ae1ed63b2d2704995f2a4c3f1c9cc787c1bae6afe51 ipa-python-compat-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 8dfbd7199aa7b92365ea2ebbb2ea0846SHA-256: 496aff9208b02416a4a28694e48d596b6c703590f45ad9e2fa382cdf03197673 ipa-server-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: 89a81f4738e59a763932b10a03b08341SHA-256: 451c92d375628834712cbc3f0713550378300c9e9243ff90ad85fe680e330774 ipa-server-common-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 6100a755fafa8ca8726720d17f5ce021SHA-256: 022bc4d0ae640d9d5e51c2ba0bcad6fbb76a8e4169f63f95ed71f44462b0e2d4 ipa-server-dns-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 0ec54b7fbd688d09b5b7e1eaa2b6e616SHA-256: 5761da6f5419300c3ac59409414c74a7fc0e649e6143655d825286d0ae7e08a4 ipa-server-trust-ad-4.4.0-14.el7_3.1.1.x86_64.rpm     MD5: f9fbc69fca9d9a28aba2e5971134e724SHA-256: dd9bce221914ba50ee6496c86d29cad09e0db05de1ed22222291d4650b362675 python2-ipaclient-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 14e1bac72de76a87b0a7dbc24663734dSHA-256: bd567334c15b8231a9dcf1ea0bce7ace647b74498e8469406491e7ade9b3c7e7 python2-ipalib-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: aa20cf79bc95d8924328bbeb351ddffaSHA-256: 042eaa4732f83e0dd4e065458a2ed8eb0381d1d9a4e263dfad3f18da75b83311 python2-ipaserver-4.4.0-14.el7_3.1.1.noarch.rpm     MD5: 08ab48262849ad75b754e3064bb51e83SHA-256: 3f896f2828270c7e8af41161438bd8fd9bd08e840e1c1783ee5caa5bc7a66c31   (The unlinked packages above are only available from the Red Hat Network) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Creaking Royal Navy is ‘first-rate’ thunders irate admiral

He's bound to say that.

Truth is, it'll get worse before it gets better Comment Admiral Sir Philip Jones, head of the Royal Navy, has written how "you'd be forgiven for thinking that the RN had packed up and gone home" in response to the kicking the naval service has received in the press recently. In an open letter published on the RN website, the admiral wrote: "Sadly the world is less certain and less safe.

But our sense of responsibility has not changed.

The Royal Navy may be smaller than in the past but has a strong future so this is no time to talk the Navy down." On 21 November the Defence Select Committee published a swingeing report into naval procurement, which concluded: "The MoD is embarking on a major modernisation of the Royal Navy surface fleet. Notwithstanding the Committee's concerns that the number of ships is at a dangerous and an historic low, it is a programme which has the potential to deliver a modern navy with a broad range of capabilities." Meanwhile, HMS Duncan, a Type 45 air-defence destroyer, had to be towed back into port after her unreliable Rolls-Royce WR-21 engines* broke down, as they tend to do on all Type 45s with worrying frequency – so much so that the RN has started a dedicated initiative, Project Napier, to add extra diesel generators to the Type 45 fleet.

This involves cutting large holes in the hull of each ship. Royal Fleet Auxiliary** tanker Wave Knight, currently deployed on Atlantic Patrol Tasking (North) in the Caribbean on anti-drugs patrol duties, broke down in St Vincent with Prince Harry aboard.

APT(N) used to be carried out by an actual warship rather than a refuelling tanker, but cuts to destroyer and frigate numbers left the Navy with no option. Last year a naval offshore patrol vessel, normally employed to stop and search fishermen's boats and their catches, was trialled on APT(N). A few weeks ago it was revealed that the RN will, from 2018, be left without any anti-ship missiles on its frigates and destroyers. Then there's the Type 26 frigate programme, which continues to stagnate as MoD officials lock horns with vastly more experienced BAE Systems negotiators over contracts.

The Type 26s are planned to partly replace the UK's current fleet of thirteen Type 23 anti-submarine frigates.

There will be fewer Type 26s than Type 23s, however, with the final five Type 23s set to be replaced with Type 31 "general purpose frigates", a cheap 'n' cheerful concept intended primarily for export.

The government, having initially pledged a like-for-like replacement of Type 23 with Type 26, later changed tack and cut the planned order of Type 26s, presumably because of the spiralling costs. A perfect storm for the naval service So what did the First Sea Lord have to say in defence of the RN? Type 45 destroyers are "hugely innovative" and "money is now in place to put this right".
Indeed, "if they weren't up to the job then the US and French navies would not entrust them with protection of their aircraft carriers in the Gulf." A strong point: for all their electrical flaws, the Type 45s are world-leading air-defence destroyers. The Harpoon anti-ship missile was cut partly because it "was reaching the end of its life" – though the admiral's attempt to claim that last month's Unmanned Warrior robot naval boat exercise featured anything capable of replacing a dedicated anti-ship capability was fanciful at best and downright disingenuous at worst.

That said, the admiral is duty bound, for better or for worse, not to embarrass his elected political masters. Admiral Jones also mentioned the Queen Elizabeth-class aircraft carriers and their F-35B fighter jet air wing, due to enter service in a few years.

As previously reported on El Reg, the F-35 will not be ready for true carrier deployment for another five years minimum and even when it is, we won't own enough of them to put to sea without borrowing half the fast air wing from the US Marines. Moreover, each carrier will need, at the very least, both a frigate and a destroyer as escorts; the frigate to detect submarines, the destroyer to maintain an anti-aircraft screen. Will we be able to spare these two ships from all the other standing tasks, let alone training and maintenance requirements? On the whole, the Royal Navy is in very poor shape.
It cannot meet all its standing patrol tasks (as detailed in the Defence Select Committee report) without resorting to small patrol vessels and mostly civilian tankers to do so.

The Fleet Air Arm will not be a credible force capable of deploying overseas at even minimal strength (12 F-35Bs) until the middle of the next decade.

The frigate force is capable but ageing and due for retirement soon.

The destroyer fleet will be plagued by engine problems for another five years. On the other hand, the carriers will enter service.

F-35B will enter service.

Type 26 will start entering service from the mid-2020s.

The RFA will receive its new Tide-class replenishment ships to support the carriers.

Three new offshore patrol vessels are under construction and will be delivered in the next few years. New nuclear deterrent submarines are now under construction and will enter service in the coming years.
In terms of fighting strength, ability to put to sea and ensure freedom of navigation and lawful commerce, the Navy will improve. The tough part is that we will not hit rock bottom and start climbing out of this well of impotence for at least the next three years. What those three years bring – Brexit, more Russian sabre-rattling, possibly even a new Middle East flashpoint – could stretch the RN to breaking point or even beyond. While the First Sea Lord has publicly defended his service, ultimately it is the politicians of all flavours who starved the Navy of the funding for new ships and equipment that it desperately needed ten years ago, leading to today's situation where so many demoralised personnel have left that ship deployments were lengthened from six to nine months. The next time the Defence Secretary pops up to recycle tired old announcements that amount to nothing new, remember that. ® Bootnotes *The two gas turbines themselves are OK – it is the intercooler-recuperator assembly which lets them down.

Briefly, the intercooler-recuperator recovers heat from the turbines' exhausts and uses it to pre-heat the fuel/air mixture being fed into the engine.

This reduces wasted heat while increasing fuel efficiency and electrical output.

Due to a design flaw, the intercooler-recuperator tends to drop out without warning when operating in warmer waters (reportedly as low as 30C).

The sudden spike in electrical demand overwhelms the ship's two auxiliary Wärtsilä diesel generators and causes the entire electrical system, propulsion, weapons and all, to trip out, leaving the destroyer dead in the water as frantic marine engineers rush to reset it all. **The Royal Fleet Auxiliary is a uniformed but civilian branch of the naval service. Officially classed as civil servants sailing civilian-registered British ships, their personnel man the tankers, replenishment ships and general duties vessels, which increasingly find themselves used as actual warships, such as on the APT(N) deployment or as the mothership for the British minehunter contingent in the Persian Gulf. Sponsored: Customer Identity and Access Management

RHBA-2016:2667-1: Red Hat OpenStack Platform 9 director Bug Fix Advisory

Attention: RHN Hosted will reach the end of its service life on July 31, 2017.Customers will be required to migrate existing systems to Red Hat Subscription Management prior to this date.Learn more here Details Updated packages that resolve various issues are now available for Red HatOpenStack Platform 9.0 director for RHEL 7. Red Hat OpenStack Platform director provides the facilities for deployingand monitoring a private or public infrastructure-as-a-service (IaaS) cloudbased on Red Hat OpenStack Platform. Solution Before applying this update, ensure all previously released errata relevantto your system have been applied.Red Hat OpenStack Platform 9 runs on Red Hat Enterprise Linux 7.2.The Red Hat OpenStack Platform 9 Release Notes contain the following:* An explanation of the way in which the provided components interact toform a working cloud computing environment.* Technology Previews, Recommended Practices, and Known Issues.* The channels required for Red Hat OpenStack Platform 9, including whichchannels need to be enabled and disabled.The Release Notes are available at:https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/release-notesThis update is available through 'yum update' on systems registered throughRed Hat Subscription Manager.

For more information about Red HatSubscription Manager, see:https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html Updated packages Red Hat OpenStack 9.0 director for RHEL 7 SRPMS: instack-undercloud-4.0.0-15.el7ost.src.rpm     MD5: 9e06bef4f3f417c069dd54a9aeec8237SHA-256: 52930027999540a6e2ba6c91c2097eaa9e3cce4c83323e407c6ea5dacb090c12 openstack-tripleo-image-elements-0.9.9-7.el7ost.src.rpm     MD5: b4f434f084e728bf1e91359bf8fa8607SHA-256: 7d7fba23eb421edb7453d684605ac9bec003960ce37e254d4fcbc3d7b3f32d41   x86_64: instack-undercloud-4.0.0-15.el7ost.noarch.rpm     MD5: b45e479bb8e17cea37b3e4c5122b8e12SHA-256: cfc5927a426c73f6e11707a0541c028248b502f06c2110a6ae4a0dd9a5835c67 openstack-tripleo-image-elements-0.9.9-7.el7ost.noarch.rpm     MD5: 3cd6a72ee743dc926dc72ed74ce49389SHA-256: 7fe07e3ef2421d17f8c9499782af9b685d688caf1fd9d7e2a38160773d8cb610   (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 1364020 - Undercloud installation does not configure UEFi deployment default parameters1385523 - Undercloud installation fails with RHEL-7.3 on selinux [OSP9]1387935 - rhel-osp-director: 9.0 on rhel7.3: undercloud deployment fails: make: *** [tmp/tripleo-selinux-mariadb.mod] Error 1 These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/

UKCloud Launches New Partner Programme

Helping partners grow their business in the UK public sectorLondon – November 1, 2016 – UKCloud, formerly Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company, has today announced the launch of its NEW partner programme.
It will offer both new and existing partners an impressive benefits framework including significant technical, marketing and sales expertise, giving UKCloud partners the best possible chance of selling successfully into the UK public sector. UKCloud Powered By Logo The newly launched partner programme will build on the momentum already achieved by UKCloud’s existing partner programme, which was launched in August 2013. UKCloud has since helped approximately 120 partners onto the G-Cloud Framework and the company has supported more than 465 partner projects across the UK public sector. “Supporting our partner community has always been a top priority for us as a business,” said Simon Hansford, CEO of UKCloud. “And with more than 230 like-minded organisations already in the programme and countless successful collaborations to date, we thought it the perfect time to take our partner programme to the next level; ensuring that as a business, partners remain at the heart of everything we do. Our new partner commitments are a great illustration of this renewed focus.” IT companies looking to break into the UK public sector market need to be familiar with and overcome very specific requirements when it comes to security, assurance, connectivity and commercial governance. UKCloud’s partners are able to take advantage of its industry-leading accreditations and certifications, without needing to dedicate resources to achieving this themselves.

They also benefit from UKCloud’s extensive experience in the public sector, through its work with DVLA, HMRC, the Home Office and MoD to name but a few. “With the digitisation of services ramping up in the public sector as departments look to technology to reduce overheads whilst transforming the end-user experience, there is a growing opportunity in the market and we want to ensure our partners make the most of this potential,” Hansford added. “Our platform has been specifically designed with government policies and requirements in mind and we’re committed to developing it as these demands evolve. Our partners can enjoy the peace of mind that comes with using a trustworthy, reliable, cloud platform, as in turn it strengthens their brand and helps increase their own credibility. We look forward to even further collaboration with our partners, working together as a community to meet the needs of the public sector, both now and in the future”. UKCloud’s hyperscale cloud platform is built to handle government workloads and offers connectivity options to meet different communities’ needs, including PSN, N3 for health and RLI for defence. UKCloud recently announced an expanded range of assured cloud services, including OpenStack and Oracle powered offerings on the latest iteration of the G-Cloud Framework, G-Cloud 8.

The new features and service options provide genuine choice to meet the different requirements of contrasting public sector workloads, which provides UKCloud partners with access to a purpose build cloud for the UK Public Sector, allowing them to focus on delivering innovative products and services to the UK citizen. More information can be found at www.ukcloud.com/why-partner - ends – About UKCloudUKCloud is dedicated to the UK Public Sector. We provide assured, agile and value-based true public cloud that enable our customers to deliver enhanced performance through technology. We’re focused on cloud.

Delivering a true cloud platform that is scalable, flexible, assured and cost-effective. We’re open. You are never locked in. Using industry standards and open source software we enable flexibility and choice across multiple cloud solutions. Dedicated to the UK Public Sector. Our business is designed specifically to serve and understand the needs of public sector organisations. We develop communities. We bring together communities of users that are able to share datasets, reuse code, test ideas and solve problems. Customer engagement. We will only be successful if our customers are successful. We embody this in the promise: Easy to adopt.

Easy to use.

Easy to leave. Additional information about UKCloud can be found at www.ukcloud.com or by following us on Twitter at @ukcloudltd UKCloud.

The power behind public sector technology.
Media ContactsCaitlin Mullally/Charlotte MartinFinn Partners+44 (0)20 3217 7060UKCloudteam@finnpartners.com