How LibraryCare Works

The patch is created by the KernelCare team.

A library’s source code, both original and patched, is translated into assembly language. These files are compared, and the new patched code is put in a new section of the same ELF file. After the code is compiled and linked, the patch files are extracted from the ELF sections of the resulting binaries.

The patch is uploaded to the patch server.

The binary files are treated as a single patch, which is then uploaded to a dedicated KernelCare patch server.

The patch server then distributes the patch to customers’ servers.

The patch is downloaded to the local agent.

An agent program on each local server, lcarectl, “talks to” the patch server, which looks for known libraries on the local server. The agent program then downloads the patch needed for each library present on the local server.

The patch is applied to the local server.

Using Linux APIs, memory near a library is allocated, and the patch is copied into it. After ensuring that no threads are executing the old library code, the agent program reroutes calls from old code to the new patched versions via unconditional jumps.
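The redirect step above can be illustrated with this added example (not LibraryCare's code), which shows why the patch memory must sit near the library and how to check that a redirected entry point lands inside the expected patch region. Assumptions: an x86-64 target using the 5-byte `jmp rel32` instruction, which the page does not specify; all function names and addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define JMP_LEN 5 /* assumed x86-64 form: opcode 0xE9 + signed 32-bit displacement */

/* Build the jump placed at the old function's entry (`from`) that redirects
 * to the patched function (`to`). Returns -1 when the patch is out of reach. */
int encode_jmp_rel32(uint64_t from, uint64_t to, uint8_t out[JMP_LEN])
{
    /* The displacement is counted from the end of the jump instruction. */
    int64_t disp = (int64_t)(to - (from + JMP_LEN));
    if (disp < INT32_MIN || disp > INT32_MAX)
        return -1; /* more than ~2 GiB away: why the patch must sit near the library */
    uint32_t d = (uint32_t)(int32_t)disp;
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(d >> (8 * i)); /* little-endian */
    return 0;
}

/* Audit helper: decode a jump found at `from`; returns -1 if it is not E9. */
int decode_jmp_rel32(uint64_t from, const uint8_t in[JMP_LEN], uint64_t *target)
{
    if (in[0] != 0xE9)
        return -1;
    uint32_t d = 0;
    for (int i = 0; i < 4; i++)
        d |= (uint32_t)in[1 + i] << (8 * i);
    *target = from + JMP_LEN + (uint64_t)(int64_t)(int32_t)d;
    return 0;
}

/* Returns 1 only if the entry bytes redirect into [lo, lo + len). */
int redirect_lands_in(uint64_t from, const uint8_t in[JMP_LEN], uint64_t lo, uint64_t len)
{
    uint64_t t;
    if (decode_jmp_rel32(from, in, &t) != 0)
        return 0;
    return t >= lo && t - lo < len;
}

int main(void)
{
    uint64_t old_fn = 0x7f0000001000ULL, new_fn = 0x7f0000200000ULL; /* constructed */
    uint8_t j[JMP_LEN];
    if (encode_jmp_rel32(old_fn, new_fn, j) == 0)
        printf("%02x %02x %02x %02x %02x\n", j[0], j[1], j[2], j[3], j[4]);
    return 0;
}
```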


Supported Distributions

For a complete list of supported kernels and patches, visit this page

Out-of-the-box Integrations

Our customers

1,500+  enterprises, healthcare providers, government agencies, and universities trust TuxCare with their nearly 1M systems


TuxCare Pricing Is Designed with the Needs of IT Teams in Mind

Affordably priced in principle, TuxCare also provides volume discounts to large enterprise Linux infrastructures.

Starting from

$1.95
OSI / month
OSI - Operating System Image, including physical device, virtual machine or a public cloud instance.


* Only available with KernelCare Enterprise subscription

Why is patching just Linux kernels not enough, and why is taking care of shared libraries essential for your security?

We will give you three compelling reasons, but there are many more:

Heartbleed

Attackers exploiting this OpenSSL request validation flaw could read a server’s memory, then gain control of it. This vulnerability still exists on many systems, even though patches for it have been available since 2014.

Ghost

Attackers exploiting this glibc buffer overflow flaw could use gethostby functions to make network requests that enable them to gain control of a server.

CVE-2021-22876

A 20-year-old vulnerability that allows a specially configured web server to access credentials entered in a different web server, through improper behavior in libcurl.


Add more security with other Live Patching Services by TuxCare

Automated live patching for Linux Kernels with centralized management & common automation and vulnerability management tools integration.

IoT

Provides live patching for Linux kernels in IoT devices without disrupting ongoing processes and operations.

QEMU

Protects the enterprise virtualization stack with live patching that does not affect virtual machines or require migrating them to other servers.

DataBase

Keeps the enterprise’s most important asset, data, safe by live patching the database provider, MySQL, MariaDB or PostgreSQL, without interrupting the applications that depend on it.
