Red Hat Enterprise Linux 9.4 Officially Released, Here’s What’s New

This release introduces Python 3.12 and the ability to add customized files for SCAP security profile to a blueprint.
Red Hat Enterprise Linux 9

Red Hat announced the general availability of Red Hat Enterprise Linux 9.4 as the fourth update to the latest Red Hat Enterprise Linux 9 operating system series adding new and enhanced capabilities.

Highlights of Red Hat Enterprise Linux 9.4 include support to add customized files for SCAP security profile to a blueprint, support for the minimal RHEL installation to install only the s390utils-core package, and the ability to configure Keylime server components, the verifier and registrar, as containers.

This release also introduces a new option for the libkcapi library to specify target file names in hash-sum calculations, finer control over MACs in SSH with the crypto-policies package, additional services confined in the SELinux policy, and a new SELinux policy module for the SAP HANA service.

Furthermore, Red Hat Enterprise Linux 9.4 moves the glusterd SELinux module to a separate glusterfs-selinux package, provides the fips.so library for OpenSSL as a separate package, confines the chronyd-restricted service in the SELinux policy, and adds a drop-in directory for OpenSSL provider configuration.

Other noteworthy changes include support for user and group creation in OpenSSH to use the sysusers.d format and support for OpenSSH to limit artificial delays in authentication, new options for dropping capabilities in Rsyslog, and support for building FIPS-enabled RHEL for Edge images.

Last but not least, Red Hat Enterprise Linux 9.4 updates the nft utility to reset nftables rule-contained states, introduces a new driver for the Marvell Octeon PCIe Endpoint network interface controller, and updates NetworkManager with support for configuring the switchdev mode for advanced hardware offload.

This release also adds full support for the Intel data streaming accelerator driver and the Software Guard Extensions (SGX) Intel technology for protecting software code and data from disclosure and modification, and updates the firewalld service to avoid unnecessary firewall rule flushes.

The Nmstate library has been updated as well with new attributes for the VLAN interface, support creating a YAML file to revert settings and configure VPN connections based on IPsec configuration, support for creating MACsec interfaces, support for SR-IOV VLAN 802.1ad tagging, and support for the priority bond property.

The ss utility received visibility improvements to TCP bound-inactive sockets, the TCP Illinois congestion algorithm kernel module has been re-enabled, the rteval utility now supports adding and removing arbitrary CPUs from the default measurement CPU list, and the cyclicdeadline utility now supports generating a histogram of latencies.

Moreover, Red Hat Enterprise Linux 9.4 adds DEP/NX support in the pre-boot stage, rebases the eBPF facility to Linux kernel 6.6 LTS, adds support for setting a file system size limit, adds support for converting a standard LV to a thin LV by using the lvconvert command, and adds detection of FPIN-Li events for NVMe devices to the multipathd command.

On top of that, a new passwordless authentication method is available in SSSD to use a biometric device, Identity Management users can now use external identity providers to authenticate to IdM, OTP usage is now enforced for all LDAP clients, and the RHEL web console can now generate Ansible and shell scripts.

Updated components include SELinux 3.6, GnuTLS 3.8.3, nettle 3.9.1, p11-kit 0.25.3, libkcapi 1.4.0, stunnel 5.71, audit 3.1.2, Rsyslog 8.2310, SCAP Security Guide 0.1.72, openCryptoki 3.22.0, synce4l 1.0.0, chrony 4.5, linuxptp 4.2, elfutils 0.190, Go 1.21.0, Rust 1.75.0, LLVM 17.0.6, Git 2.43.0, Python 3.12, firewalld 1.3, nftables 1.0.9, iptables 1.8.10, PostgreSQL 16, MariaDB 10.11, nginx 1.24, PHP 8.2, Ruby 3.3.0, GCC 13, and Linux kernel 5.14.0-427.13.1.

Red Hat Enterprise Linux 9.4 is available via Red Hat’s Customer Portal for all existing customers with an active RHEL subscription. Those who don’t have a RHEL subscription and want to try the latest Red Hat Enterprise Linux release can download a 60-day evaluation edition from here.

Image credits: Red Hat

Last updated 3 weeks ago

Buy Me a Coffee at ko-fi.com