It is Fall in the Northern Hemisphere, and everyone’s out gazing into the clear dark skies when they should be indoors looking after their servers. Why?
Because yet another 10-year-old flaw has been found in the Linux kernel, this time in the create_elf_tables() function, that, when subject to an integer overflow condition, can allow root-level privileged code to run. Continue reading “KernelCare live patches ‘Mutagen Astronomy’”
At Interop ITX 2018 in Las Vegas earlier this month, visitors had the chance to stop by the KernelCare booth, meet our team and talk about our rebootless and automated kernel security updates service. They also had a chance to participate in a raffle – every visitor had an option to receive an instant-win scratch card for a chance to win one of 7 totally awesome portable speakers. And in the end, they all earned additional ways to enter into a big giveaway to win Bose QuietComfort 35 (Series I) wireless headphones for trying out KernelCare, or simply engaging with us through our social media channels. And as always, purchasing KernelCare was not required. Continue reading “The winner of our Interop raffle has been announced!”
We’ve just published a Technical White Paper called KernelCare: Live Kernel Patching for Linux. It covers what KernelCare is, how it works and why you need it. We give an overview of setting up custom patch servers, both within and without firewalls, and we show what the patch management GUI looks like. We explain what delayed and sticky patches are, take a quick look at automating patch monitoring (through Nagios, Zabbix or the REST API) and show how to integrate with Rapid7 Nexpose. Security compliance questions are answered – so you can be sure that KernelCare’s live patching and security scanner interface is enabled properly.
Continue reading “KernelCare Technical Whitepaper”
A few weeks ago we released the KernelCare “Extra” Patchset with the security fixes and the symlink protection available to all KernelCare customers running CentOS kernels. Today we are pleased to share that you can get the Symlink Protection Patchset for CentOS 6 and 7 at no cost, even if you don’t have licenses of KernelCare. Continue reading “The Symlink Protection patchset is available for free for CentOS 6 & 7”
ptrace virtualization code to the debug registers has an incorrect error handling which was discovered by Andy Lutomirski and disclosed today (CVE–2018–1000199). This vulnerability can lead to corruption and DoS. In practice, if an illegal value is written, such as DR0, the internal state of the kernel’s breakpoint tracking can become corrupt even though the
ptrace() call will return -EINVAL.
Continue reading “New vulnerability found in Linux kernel, patched by KernelCare”
In light of the recent Dirty Cow exploit, said by experts to be the “Most serious” Linux privilege-escalation bug ever, we’ve decided to push forward our prior plans to offer KernelCare for free for nonprofit organizations so that they can protect themselves from critical vulnerabilities including the Dirty Cow CVE-2016-5195. Continue reading “Nonprofits can now live patch kernels for free”
I am thrilled to let you know that we have published a toolset for livepatching of user space software, called LibCare, to GitHub. It is released under the GPL2 license and allows software developers to develop and apply patches to their running software without the need to restart it.
Continue reading “LibCare is now available as Open Source on GitHub”
The 2018 Best of Interop ITX awards finalists were just revealed, and we are thrilled to share that KernelCare has been selected as the finalist in the Infrastructure category. Traditional IT infrastructure is changing giving way to new software-defined technologies, cloud, and automation. In this category, Interop ITX 2018 recognizes products that help enterprises adapt to the new era of infrastructure. Continue reading “KernelCare selected as Best of Interop 2018 finalist!”
KernelCare supports a large number of distributions and kernel versions. List of all supported distributions, kernels, as well as patches for them is available at patches.kernelcare.com.
Continue reading “What Distributions and Kernels are Supported by KernelCare?”
UPDATE as of August 28th: UEK version 4 is now also supported!
If you are running the Unbreakable Enterprise Kernel (UEK), which is included as part of Oracle Linux, you already know that it is optimized for stability and security for enterprise cloud workloads. The UEK includes enhancements that benefit Oracle Database, middleware, applications and hardware. It is thoroughly tested and is recommended for all enterprise deployments. It powers the Oracle Cloud and the Oracle Engineered Systems. Continue reading “KernelCare Now Supports the UEK for Oracle Linux”