To operate servers securely, it’s not enough to patch their Linux kernels. Their shared software libraries must be patched as well. Otherwise, an enterprise lays itself open to attacks that exploit vulnerabilities such as Heartbleed or GHOST. The usual way that enterprises deal with library vulnerabilities is by rebooting their servers or restarting the applications which cause downtime and windows of vulnerability. Besides, admins rarely know exact libraries that services were using, so they just reboot the whole server to update them all.
In case servers have been patched manually, without a reboot, shared libraries may still contain vulnerabilities. When libraries are updated on disk, old unpatched files can persist in a server’s memory. Also, vulnerability scanners don’t detect these old unpatched library files in memory.
FORMERLY KNOWN AS KERNELCARE+, LIBRARYCARE DETECTS AND UPDATES VULNERABLE SHARED LIBRARIES IN-MEMORY WITHOUT DISRUPTING THE APPLICATIONS USING THEM
The binary files are treated as a single patch, which is then uploaded to a dedicated KernelCare patch server.
The patch server then distributes the patch to customers’ servers.
Affordably priced in principle, TuxCare also provides volume discounts to large enterprise Linux infrastructures.
Starting from
* OSI – Operating System Image, including physical device, virtual machine or a public cloud instance
We will give you three compelling reasons, but there are many more:
Attackers exploiting this OpenSSL request validation flaw could read a server’s memory, then gain control of it. This vulnerability still exists on many systems, even though patches for it have been available since 2014.
Attackers exploiting this glibc buffer overflow flaw could use gethostby functions to make network requests that enabled them to gain control of a server.
20-year-old vulnerability, that allows a specially configured web server to have access to credentials entered in a different web server, through improper behavior in libcurl.
Automated live patching for Linux Kernels with centralized management & common automation and vulnerability management tools integration.
Learn More
IoT
Provides live patching for Linux kernels in IoT devices without disrupting ongoing processes and operations.
Learn More
QEMU
Protects enterprise virtualization stack with live patching that does not affect virtual machines or requires migrating them to other servers. Available in Q3 2021.
Learn More
DataBase
Keeps the enterprise’s most important asset, data, safe by live patching the database provider, MySQL, MariaDB or PostgreSQL, without interrupting the applications that depend on it. Available in Q3 2021.
Learn More
Automated live patching for Linux Kernels with centralized management & common automation and vulnerability management tools integration.
Learn More
Provides live patching for Linux kernels in IoT devices without disrupting ongoing processes and operations.
Learn More
Protects enterprise virtualization stack with live patching that does not affect virtual machines or requires migrating them to other servers.
Learn More
Keeps the enterprise’s most important asset, data, safe by live patching the database provider, MySQL, MariaDB or PostgreSQL, without interrupting the applications that depend on it.
Learn More
