Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
April 7, 2021 - TuxCare expert team
When you see so many vulnerabilities being reported and so many security-related issues being exploited, you may think to yourself “I’m lucky not to be using that package or software, I’m not vulnerable to this”.
Welcome to the world of software dependencies.
You may not be using curl/libcurl directly, but your browser sure is, even if you’re not aware of it. Or worse, your webserver is calling libcurl when it’s checking certificate chains in the backend. Or maybe it’s OpenSSL that’s being used to validate encrypted communications to your new application through a 3rd-party library you used.
Long story short, software developers are not fond of reinventing the wheel, and rightly so, and rely on tried and tested libraries to accomplish common-use scenarios like encryption, file management, communication, input validation, so on. This lets them focus on core application functionality. This is true for end-user applications as well as for server packages like databases, e-mail and web servers or artificial intelligence frameworks.
So, when those vulnerability reports come in, as so often happens, even apparently unrelated software can be exposed to them. So how can you know? It’s not very practical to go over the technical specifications of each application, or sometimes not even possible at all, how can you make sure you’re not using something vulnerable through a dependency of your applications?
This is where the KernelCare team stepped up, and created UChecker. It’s a tool that analyzes your system looking for vulnerable libraries being used by other applications, giving you a global look at packages that need to be updated as soon as possible. You will get detailed information regarding which program is using which vulnerable library.
Let’s take a look at UChecker in action:
curl -s -L https://kernelcare.com/uchecker | python
(UChecker running on a CentOS 7 fresh install, for demo purposes only. List intentionally shortened.)
And this means that this system needs to update several libraries. They are being called by multiple system services. You can simply update the affected libraries using your usual update tool.
Don’t forget to restart the affected services if your update tool fails to do so, because traditional update tools only touch the library files on disk, and any library already being used and currently residing in memory will continue to have the old code.
Unlike UChecker, other scanners wrongly check only on disk content for patch compliance and fail to spot in memory outdated versions, so you can be tricked into believing that your system is safe when it really isn’t.
After all the updates are done, this is the desired output:
UChecker is a free and open source tool you can use to validate your update mechanisms are working correctly. It can be integrated with tools like Nagios to alert you for systems running outdated libraries, or other monitoring and management tools. This can also help you prevent needless reboots by letting you know exactly which programs need to be restarted due to a vulnerable library update.
For added peace of mind, you could use KernelCare+ to receive updates automatically without having to restart applications, but even using UChecker alone will give you actionable information to improve your security awareness and patching process.
Learn About Live Patching with TuxCare
End-of-life software is just a fact of our fast-paced technology...
Look, everyone knows that it’s a tough act. Thousands of...
The public sector, including state and federal agencies, are at...
If your organization deploys IoT solutions, you know that development...
We continue to look at the code issues that cause...
Catastrophic risks such as natural disasters and indeed cyberattacks require...