KernelCare supports a large number of distributions and kernel versions. List of all supported distributions, kernels, as well as patches for them is available at patches.kernelcare.com.
It is Fall in the Northern Hemisphere, and everyone’s out gazing into the clear dark skies when they should be indoors looking after their servers. Why?
Because yet another 10-year-old flaw has been found in the Linux kernel, this time in the create_elf_tables() function, that, when subject to an integer overflow condition, can allow root-level privileged code to run.
We’ve just published a Technical White Paper called KernelCare: Live Kernel Patching for Linux. It covers what KernelCare is, how it works and why you need it. We give an overview of setting up custom patch servers, both within and without firewalls, and we show what the patch management GUI looks like. We explain what delayed and sticky patches are, take a quick look at automating patch monitoring (through Nagios, Zabbix or the REST API) and show how to integrate with Rapid7 Nexpose.
UPDATE as of August 28th: UEK version 4 is now also supported!
If you are running the Unbreakable Enterprise Kernel (UEK), which is included as part of Oracle Linux, you already know that it is optimized for stability and security for enterprise cloud workloads. The UEK includes enhancements that benefit Oracle Database, middleware, applications and hardware. It is thoroughly tested and is recommended for all enterprise deployments. It powers the Oracle Cloud and the Oracle Engineered Systems.
Rebooting your servers hurts your customers and hurts you. It is often done deep in the night to minimize the impact on peak-time services. It forces downtime on you and your business. A server reboot can take 15 minutes or more to complete. It can take even longer for performance to stabilize and for you to confirm all services are running. Rebooting is not something you want to do often. But a reboot is the only way to apply patches for kernel security vulnerabilities.
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in the EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
At Interop ITX 2018 in Las Vegas earlier this month, visitors had the chance to stop by the KernelCare booth, meet our team and talk about our rebootless and automated kernel security updates service. They also had a chance to participate in a raffle - every visitor had an option to receive an instant-win scratch card for a chance to win one of 7 totally awesome portable speakers. And in the end, they all earned additional ways to enter into a big giveaway to win Bose QuietComfort 35 (Series I) wireless headphones for trying out KernelCare, or simply engaging with us through our social media channels. And as always, purchasing KernelCare was not required.
ptrace virtualization code to the debug registers has an incorrect error handling which was discovered by Andy Lutomirski and disclosed today (CVE–2018–1000199). This vulnerability can lead to corruption and DoS. In practice, if an illegal value is written, such as DR0, the internal state of the kernel’s breakpoint tracking can become corrupt even though the
ptrace() call will return -EINVAL.
The 2018 Best of Interop ITX awards finalists were just revealed, and we are thrilled to share that KernelCare has been selected as the finalist in the Infrastructure category. Traditional IT infrastructure is changing giving way to new software-defined technologies, cloud, and automation. In this category, Interop ITX 2018 recognizes products that help enterprises adapt to the new era of infrastructure.
A few weeks ago we released the KernelCare "Extra" Patchset with the security fixes and the symlink protection available to all KernelCare customers running CentOS kernels. Today we are pleased to share that you can get the Symlink Protection Patchset for CentOS 6 and 7 at no cost, even if you don’t have licenses of KernelCare.