June 2020 - TuxCare

Benefits and Future of Working from Home [Podcast]

A decade as a fully remote company. Benefits and future of working from home by Igor Seletskiy.

In this podcast episode, KernelCare CEO Igor Seletskiy talks with Gaper.io’s Mark Allen about CloudLinux, and why it’s a fully remote company. In this article you will find a podcast recording and an overview of what they talked about during their conversation. 

Continue reading “Benefits and Future of Working from Home [Podcast]”

Why Rebootless Updates are Important for Servers [Podcast]

Why Rebootless Updates are Important for Servers-2

On 18 June, KernelCare CEO Igor Seletskiy was interviewed by Adam Torres on his Mission Matters Innovation podcast. The topic was rebootless updates, and why they’re important for servers. In this blog post you will find the answer to this question and an overview of what other insights were discussed during the podcast.

Continue reading “Why Rebootless Updates are Important for Servers [Podcast]”

Updating Linux Kernel Without Reboots [Live Patching Tools Overview]

Updating Linux Kernel Without Reboots - Live patching tools overview

Updating Linux kernels is a routine – as dull as taxes and only slightly less inconvenient than death. New security vulnerabilities in the Linux kernel seem to appear with tedious regularity and even get fancy names. In most but not all cases, the patches needed to fix them follow swiftly after. There is work involved in patching the kernel the latest Linux kernel security updates, and danger if you delay–leave it too long and bad actors might take advantage of the period of vulnerability.

Continue reading “Updating Linux Kernel Without Reboots [Live Patching Tools Overview]”

Stack unwinding in AArch64 processors: what is it and how it works

Stack unwinding in AArch64 processors_

For the past nine months, KernelCare’s Linux kernel live patching software has supported ARMv8 (AArch64) in addition to x86_64 (Intel IA32/AMD AMD64). To get KernelCare running on Arm, we needed a stack frame unwinder.

This article explains what they are, what they’re used for, and why we had to write our own.

Continue reading “Stack unwinding in AArch64 processors: what is it and how it works”

Developer Tutorial: Live patching Ubuntu 20.04 LTS Focal Fossa Linux kernel with Kpatch

Linux Kernel Live Patching on Ubuntu 20.04 LTS Focal Fossa copy

Live patching is a way of updating a Linux kernel without interruption. Because kernel updates don’t take effect until the system is rebooted, Linux kernel live patching is most commonly used to patch severe Linux kernel vulnerabilities without rebooting servers.

Aside from improved service continuity and uptime, organizations with large server fleets also use live patching to avoid the administrative overhead associated with the coordination and planning needed to reboot multiple systems.

This tutorial will show how to use Kpatch to change the behavior of a running Ubuntu 20.04 LTS Focal Fossa kernel without stopping it, changing the contents of /proc/uptime (and the uptime command) so that the system’s reported uptime is 10 years greater.

Continue reading “Developer Tutorial: Live patching Ubuntu 20.04 LTS Focal Fossa Linux kernel with Kpatch”

KernelCare Patches Against Spectre Vulnerability Are On The Way

Spectre blog

On 9 June, Anthony Steinhauser, an engineer at Google, made some urgent posts to the Linux kernel mailing list. In them, he pointed out that hardware bugs in Intel and AMD chips are leaving servers vulnerable to Spectre exploits–even after the kernel is patched. Fortunately, a fix for this problem is being developed by the KernelCare team. First patches will be available by the end of the week of 22 June.

Continue reading “KernelCare Patches Against Spectre Vulnerability Are On The Way”

Live Patching Linux On AWS EC2

Live Patching Linux On AWS EC2 blog image

CloudLinux is an Amazon Web Services (AWS) Advanced Technology Partner, and our live patching system, KernelCare, is currently being used to patch AWS Elastic Compute Cloud (EC2) systems.

How does KernelCare patch Linux kernels on AWS EC2 servers? Read on to find out. 

Continue reading “Live Patching Linux On AWS EC2”

SRBDS/CrossTalk (CVE-2020-0543) Vulnerability Being Patched By KernelCare

CVE-2020-0543-(SRBDS)

 

A new CPU vulnerability known as SRBDS/CrossTalk was discovered in June 2020. The team at KernelCare is currently creating a patch to close it down. Let’s examine this new vulnerability, and explore what we’re doing to eliminate it. 

Continue reading “SRBDS/CrossTalk (CVE-2020-0543) Vulnerability Being Patched By KernelCare”

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching