Linux Kernel CVE Data Analysis - Part 2 - Vulnerabilities by Year

Jan 30, 2020 5:48:00 PM / by Paul Jacobs posted in Developer Blog

0 Comments

Introduction

In Part 1, I installed CouchDB, loaded CVE data into it, and ran a simple Mango query that listed the Linux kernel vulnerabilities for a chosen date range for all severities and all kernel versions.

Here, in Part 2, I will extend and refine that query to see results by severity and kernel version. But rather than run queries repeatedly, I will use the power of the command line to semi-automate the process, and Gnuplot will chart the results.

Read More

Linux Kernel CVE Data Analysis - Part 1 - Importing into CouchDB

Jan 30, 2020 5:47:00 PM / by Paul Jacobs posted in Developer Blog

0 Comments

Introduction

Which is the best Linux kernel?

Linux kernel developers tell us that the ‘best’ Linux kernel to use is the one that comes with whatever distribution we’re using. Or the latest stable version. Or the most recent long-term support (LTS) version. Or whatever one we want, so long as it’s maintained.

Choice is great, but I’d rather have a single answer; I just want the best. The trouble is, for some people, best means fastest. For others, the best is the one with the latest features, or a specific feature. For me, the best Linux kernel is the safest one.

Read More

KernelCare agent updated

Jan 29, 2020 4:22:07 PM / by Inessa Atmachian posted in KernelCare, KernelCare agent

0 Comments

 

Read More

Developer Tutorial: Live patching Debian 10 Linux kernel with Kpatch

Jan 27, 2020 2:28:00 PM / by Paul Jacobs posted in Developer Blog

0 Comments

Introduction

Live patching is a way of updating a Linux kernel without interruption.

Because kernel updates don’t take effect until the system is rebooted, Linux kernel live patching is most commonly used to patch severe Linux kernel vulnerabilities without rebooting servers.

Aside from improved service continuity and uptime, organizations with large server fleets also use live patching to avoid the administrative overhead associated with the coordination and planning needed to reboot multiple systems.

This tutorial will show how to use Kpatch to change the behavior of a running Debian 10 kernel without stopping it, changing the contents of /proc/uptime (and the uptime command) so that the system’s reported uptime is 10 years greater.

Read More

Reboot Server Now or Later? (Neither, thanks)

Dec 19, 2019 5:36:54 PM / by Alexandra Mitroshkina posted in KernelCare, KernelCare Blog, AWS_KernelCare, Live Patching, News

0 Comments

Were you at AWS re:Invent 2019?

I was, and it was a revelation.

“Will you reboot your Linux server in the next 30 days?”

That’s what I asked almost everyone who came to the KernelCare stand.

A third of you said yes. The main reason? Compliance.

Read More

Zombieload 2: The Patches for Centos7, Centos7-Plus, RHEL7 & OEL 7 are in production

Dec 12, 2019 1:54:08 PM / by KernelCare Team posted in KernelCare, CVE, MDS, Zombieload, Live Patching

2 Comments

KernelCare Team has released Centos7, Centos7-Plus, RHEL7, OEL 7 patches for CVE-2018-12207 to the production feed.

Read More

Zombieload 2: The Patches for CVE-2018-12207 are in the Test Feed!

Dec 2, 2019 3:19:51 PM / by KernelCare Team posted in KernelCare, CVE, MDS, Zombieload, Live Patching

0 Comments

KernelCare Team has released Centos7, Centos7-Plus, RHEL7, OEL 7 patches for CVE-2018-12207 to the test feed. The KernelCare test feed makes it possible to start using new patches earlier.

To install patches from the test feed, run the command:

Read More

Introducing KernelCare+: a premium subscription with glibc and OpenSSL patching + MORE

Nov 19, 2019 9:37:41 PM / by Alexandra Mitroshkina posted in KernelCare, KernelCarePlus

2 Comments

Available in March 2020. Learn more about what's included in the package below.

Read More

Zombieload 2: New set of Intel hardware vulnerabilities. KernelCare Team is on it!

Nov 13, 2019 5:11:29 PM / by KernelCare Team posted in KernelCare, CVE, MDS, Zombieload, Live Patching

6 Comments

We’ve just heard of a new bunch of Intel CPU vulnerabilities and we want you to know the KernelCare team have swung into action to create patches for them.
Subscribe to our blog to get instant update.
Read More

Arm-based Microprocessors Need Live Kernel Patching

Nov 12, 2019 7:00:00 AM / by KernelCare Team

0 Comments

Most IoT devices run on Arm-based processors. 71.8% of these processors use Linux as their operating system (OS). 

Read More