Merge pull request #213 from sboldyreva/os-new

ELS for OS: updates

Author: annkots

docs/.vuepress/config-client/sidebar.ts

@@ -40,7 +40,7 @@ export default {
                 "/els-for-os/ubuntu-16-04-els/",
                 "/els-for-os/ubuntu-18-04-els/",
                 "/els-for-os/ubuntu-20-04-els/",
-                "/els-for-os/security-updates/",
+                "/els-for-os/machine-readable-security-data/",
             ]
         },
     ],

docs/.vuepress/routes.json

@@ -90,9 +90,8 @@
     "/els-for-languages/spring-framework-and-spring-boot/#technical-support": "/els-for-runtimes-and-libraries/#technical-support",
     "/els-for-languages/python-libraries/": "/els-for-runtimes-and-libraries/python-libraries/",
     "/local-mirror-els-for-languages/": "/local-mirror-for-els-php/",
-    "/els-for-os/#cve-status-definition": "/els-for-os/security-updates/#cve-status-definition",
-    "/els-for-os/#errata-advisories": "/els-for-os/security-updates/#errata-advisories",
-    "/els-for-os/#oval-patch-definitions": "/els-for-os/security-updates/#oval-patch-definitions",
+    "/els-for-os/#errata-advisories": "/els-for-os/machine-readable-security-data/#errata-advisories",
+    "/els-for-os/#oval-patch-definitions": "/els-for-os/machine-readable-security-data/#oval-patch-definitions",
     "/els-for-os/#centos-6-els": "/els-for-os/centos-6-els/",
     "/els-for-os/#oraclelinux-6-els": "/els-for-os/oracle-linux-6-els/",
     "/els-for-os/#oraclelinux-7-els": "/els-for-os/oracle-linux-7-els/",
@@ -104,12 +103,12 @@
     "/els-for-os/#ubuntu-16-04-els": "/els-for-os/ubuntu-16-04-els/",
     "/els-for-os/#ubuntu-18-04-els": "/els-for-os/ubuntu-18-04-els/",
     "/els-for-os/#ubuntu-20-04-els": "/els-for-os/ubuntu-20-04-els/",
-    "/els-for-os/#oval-data": "/els-for-os/security-updates/#oval-patch-definitions",
-    "/els-for-os/#introduction": "/els-for-os/security-updates/#oval-patch-definitions",
-    "/els-for-os/#tuxcare-els-oval-streams": "/els-for-os/security-updates/#tuxcare-els-oval-streams",
-    "/els-for-os/#how-to-use-openscap-with-tuxcare-els": "/els-for-os/security-updates/#how-to-use-openscap-with-tuxcare-els",
-    "/els-for-os/#how-integrate-the-oval-data-with-a-new-vulnerability-scanner": "/els-for-os/security-updates/#how-to-integrate-the-oval-data-with-a-new-vulnerability-scanner",
-    "/els-for-os/#tuxcare-csaf-data": "/els-for-os/security-updates/#tuxcare-csaf-data",
-    "/els-for-os/#common-security-advisory-framework": "/els-for-os/security-updates/#common-security-advisory-framework",
-    "/els-for-os/#tuxcare-els-rss-releases-feeds": "/els-for-os/security-updates/#tuxcare-els-rss-releases-feeds"
+    "/els-for-os/#oval-data": "/els-for-os/machine-readable-security-data/#oval-patch-definitions",
+    "/els-for-os/#introduction": "/els-for-os/machine-readable-security-data/#oval-patch-definitions",
+    "/els-for-os/#tuxcare-els-oval-streams": "/els-for-os/machine-readable-security-data/#tuxcare-els-oval-streams",
+    "/els-for-os/#how-to-use-openscap-with-tuxcare-els": "/els-for-os/machine-readable-security-data/#how-to-use-openscap-with-tuxcare-els",
+    "/els-for-os/#how-integrate-the-oval-data-with-a-new-vulnerability-scanner": "/els-for-os/machine-readable-security-data/#how-to-integrate-the-oval-data-with-a-new-vulnerability-scanner",
+    "/els-for-os/#tuxcare-csaf-data": "/els-for-os/machine-readable-security-data/#tuxcare-csaf-data",
+    "/els-for-os/#common-security-advisory-framework": "/els-for-os/machine-readable-security-data/#common-security-advisory-framework",
+    "/els-for-os/#tuxcare-els-rss-releases-feeds": "/els-for-os/machine-readable-security-data/#tuxcare-els-rss-releases-feeds"
 }

docs/els-for-os/README.md

@@ -25,8 +25,6 @@ TuxCare Endless Lifecycle Support, by default, provides security patches for Hig
 
 Custom coverage options are available, including a 10-pack of customer-directed patches for clients who need CVEs patched outside of the ELS scope. Specific details regarding these coverage options and their pricing can be obtained by contacting our sales team.
 
-More about [security updates](./security-updates/).
-
 ## Target response times
 
 Aligning with many industry standards and regulatory requirements, TuxCare is committed to delivering timely security updates. For instance, the Payment Card Industry Data Security Standard (PCI DSS) mandates that all 'High' vulnerabilities (CVSS score of 7.0+) must be addressed within 30 days. Other regulations and standards, such as the Health Insurance Portability and Accountability Act (HIPAA) for healthcare or the Federal Information Security Management Act (FISMA) for government agencies, uphold similar requirements.
@@ -35,6 +33,50 @@ We aim to deliver security patches for critical and high-risk vulnerabilities (C
 
 Requests for customer-directed security patches for CVEs that are outside of the ELS scope will be reviewed within 3 working days. If the request is accepted, we will provide the patch within the next 14 days.
 
+## Rollout Process
+
+For several platforms, TuxCare delivers security updates through a staged rollout repositories. This process may take up to 14 additional days after a patch is published to stable repositories.
+
+During the rollout period, updates are applied in the usual way with standard package manager commands. 
+
+**For example, standard update for kernel**:
+
+<CodeWithCopy>
+
+```
+yum update kernel*
+```
+
+</CodeWithCopy>
+
+If you need to apply the fix immediately without waiting for the rollout to complete, you can use the bypass repository. The necessary instructions are always provided on the release information page.
+
+**For example (packages in the 3rd rollout slot)**:
+
+<CodeWithCopy>
+
+```
+yum update kernel* --enablerepo=centos7els-rollout-3-bypass
+```
+
+</CodeWithCopy>
+
+You can track the status of vulnerabilities and their corresponding fixes via [cve.tuxcare.com](https://cve.tuxcare.com/):
+* [Vulnerabilities](https://cve.tuxcare.com/els/cve)
+* [Fixes](https://cve.tuxcare.com/els/releases)
+
+## CVE status definition
+
+- Needs Triage: Vulnerability information received and pending initial review
+- In Research: Investigating the details of the vulnerability
+- In Progress: Developing a fix for the identified vulnerability
+- In Testing: Testing the developed fix for the vulnerability
+- In Rollout: Releasing the fix in rollout repositories
+- Released: Fix has been fully released to all users
+- Ignored: This CVE is ignored for specific reasons (low score or another), detailed in the statement field
+- Not Vulnerable: The vulnerability does not affect our version
+- Already Fixed: The vulnerability has already been addressed by the vendor
+
 ## Supported packages
 
 TuxCare's Endless Lifecycle Support provides updates for a comprehensive list of packages integral to server operations (100+ packages), providing maximum security for your operating system. You can view the full list of supported packages for each operating system, as well as get detailed information on the patched Common Vulnerabilities and Exposures (CVEs), [here](https://cve.tuxcare.com/els/projects). The list of supported packages may change as projects can be added or removed from the list. Support for additional packages can be provided on request.

docs/els-for-os/security-updates/README.md renamed to docs/els-for-os/machine-readable-security-data/README.md

@@ -1,4 +1,4 @@
-# Security Updates
+# Machine-Readable Security Data (Errata, OVAL, CSAF)
 
 TuxCare provides the following security updates for ELS for OS:
 
@@ -14,18 +14,6 @@ TuxCare Endless Lifecycle Support provides qualified security and selected bug-f
 
 You can view the full list of released fixes on [cve.tuxcare.com](https://cve.tuxcare.com/els/releases).
 
-## CVE status definition
-
-- Needs Triage: Vulnerability information received and pending initial review
-- In Research: Investigating the details of the vulnerability
-- In Progress: Developing a fix for the identified vulnerability
-- In Testing: Testing the developed fix for the vulnerability
-- In Rollout: Releasing the fix in rollout repositories
-- Released: Fix has been fully released to all users
-- Ignored: This CVE is ignored for specific reasons (low score or another), detailed in the statement field
-- Not Vulnerable: The vulnerability does not affect our version
-- Already Fixed: The vulnerability has already been addressed by the vendor
-
 ## OVAL patch definitions
 
 Leveraging the Open Vulnerability and Assessment Language (OVAL) patch definitions with OVAL-compatible tools, e.g. OpenSCAP, users can accurately check their systems for the presence of vulnerabilities.