Red Hat announced the general availability of Red Hat Enterprise Linux 9.4 as the fourth update to the latest Red Hat Enterprise Linux 9 operating system series adding new and enhanced capabilities.
Highlights of Red Hat Enterprise Linux 9.4 include support to add customized files for SCAP security profile to a blueprint, support for the minimal RHEL installation to install only the s390utils-core
package, and the ability to configure Keylime server components, the verifier and registrar, as containers.
This release also introduces a new option for the libkcapi
library to specify target file names in hash-sum calculations, finer control over MACs in SSH with the crypto-policies
package, additional services confined in the SELinux policy, and a new SELinux policy module for the SAP HANA service.
Furthermore, Red Hat Enterprise Linux 9.4 moves the glusterd
SELinux module to a separate glusterfs-selinux
package, provides the fips.so
library for OpenSSL as a separate package, confines the chronyd-restricted
service in the SELinux policy, and adds a drop-in directory for OpenSSL provider configuration.
Other noteworthy changes include support for user and group creation in OpenSSH to use the sysusers.d
format and support for OpenSSH to limit artificial delays in authentication, new options for dropping capabilities in Rsyslog, and support for building FIPS-enabled RHEL for Edge images.
Last but not the least, Red Hat Enterprise Linux 9.4 updates the nft
utility to reset nftables
rule-contained states, introduces a new driver for the Marvell Octeon PCIe Endpoint network interface controller, and updates NetworkManager with support for configuring the switchdev
mode for advanced hardware offload.
This release also adds full support for the Intel data streaming accelerator driver and the Software Guard Extensions (SGX) Intel technology for protecting software code and data from disclosure and modification, and updates the firewalld
service to avoid unnecessary firewall rule flushes.
The Nmstate library has been updated with new features. These include new attributes for the VLAN interface, creating a YAML file to revert to old settings, configuring VPN connections based on IPsec configuration, creating MACsec interfaces, SR-IOV VLAN 802.1ad tagging, and the priority
bond property.
The ss
utility has been upgraded to improve visibility to TCP bound-inactive sockets. The TCP Illinois congestion algorithm kernel module is once again enabled, the rteval
utility now allows for adding and removing CPUs from the default measurement CPU list, and the cyclicdeadline
utility can now generate a histogram of latencies.
In addition, Red Hat Enterprise Linux 9.4 introduces DEP/NX support in the pre-boot stage, rebases the eBPF facility to Linux kernel 6.6 LTS, allows setting a file system size limit, supports conversion of a standard LV to a thin LV using the lvconvert
command, and has added an FPIN-Li event detection for NVMe devices to the multipathd
command.
On top of that, a new passwordless authentication method is available in SSSD to use a biometric device, Identity Management users can now use external identity providers to authenticate to IdM, OTP usage is now enforced for all LDAP clients, and the RHEL web console can now generate Ansible and shell scripts.
Updated components include SELinux 3.6, GnuTLS 3.8.3, nettle 3.9.1, p11-kit 0.25.3, libkcapi 1.4.0, stunnel 5.71, audit 3.1.2, Rsyslog 8.2310, SCAP Security Guide 0.1.72, openCryptoki 3.22.0, synce4l 1.0.0, chrony 4.5, linuxptp 4.2, elfutils 0.190, Go 1.21.0, Rust 1.75.0, LLVM 17.0.6, Git 2.43.0, Python 3.12, firewalld 1.3, nftables 1.0.9, iptables 1.8.10, PostgreSQL 16, MariaDB 10.11, nginx 1.24, PHP 8.2, Ruby 3.3.0, GCC 13, and Linux kernel 5.14.0-427.13.1.
Red Hat Enterprise Linux 9.4 is available via Red Hat’s Customer Portal for all existing customers with an active RHEL subscription. Those who don’t have a RHEL subscription and want to try the latest Red Hat Enterprise Linux release can download a 60-day evaluation edition from here.
Image credits: Red Hat
Last updated 7 hours ago