Every month we do a lot of under-the-hood improvements to KernelCare which you may not notice, but trust us, it makes your KernelCare experience better. We've decided to share such updates with you on a monthly basis. Read the June update in this article.
In June, we released more features to KernelCare that we hope you will benefit from:
- SRBDS/CrossTalk (CVE-2020-0543) Vulnerability was successfully patched without a need of server reboot.
- The new version of KernelCare ePortal is now FIPS-compliant and allows using custom paths for certificates and uses system certificates by default, as opposed to the previous version which worked with certificates from certifi lib.
- KernelCare Live Patching is now available for AWS Graviton2-Based Instances.
- You can now compare all live patching tools on KernelCare website.
Continue reading to learn more in detail.
More Critical Vulnerabilities Patched
Without a Reboot
- SRBDS/CrossTalk Vulnerability (CVE-2020-0543) was completely patched by KernelCare. The mitigation requires a microcode update. To do this without a reboot - refer to our mitigation instructions.
We started working on the updated patches against Spectre vulnerability.
On 9 June, Anthony Steinhauser reported that hardware bugs in Intel and AMD chips are leaving servers vulnerable to Spectre exploits--even after the kernel is patched. KernelCare is working on the patches and they will start rolling out on the first week of July 2020. Keep an eye on this blog post for the updates.
Major Updates in ePortal
More enhancements were added to the new ePortal version. In addition to becoming FIPS-compliant, ePortal certification usage logic was enhanced in this new release. Previously, ePortal has been working with certificates provided by certifi lib. The current release changes this logic. ePortal 1.11-1 uses system certificates by default.
Run yum -y install kcare-eportal command to update ePortal to 1.11-1 version.
Unfortunately, KernelCare ePortal will no longer be available for CentOS 6 users starting from July 6, 2020. Click here to get the migration instructions.
More podcasts about Linux Kernel Live Patching were produced
New Mission Matters Innovation podcast featuring Adam Torres and Igor Seletskiy, Founder & CEO at KernelCare was published. Listen here and learn why rebootless updates can save companies both time and money.
Do not forget to check out KernelCare May 2020 update to see what was new then.