1. Forums
  2. General
  3. General Discussion
  1. Scott Mutter
  2. Wednesday, 26 October 2016
  3.  Subscribe via email
kcarectl --check doesn't do anything to indicate that a new update is available
Rate this post:
  1. 26.10.2016 11:10:23
  2. # 1
Scott Mutter Accepted Answer
Posts: 56
Joined: 23.04.2014
0
Votes
Undo
Throughout this latest Dirty COW outbreak, the ability to check for Kernelcare updates appears to have become broken.

--check isn\'t returning anything to indicate that an update is necessary

# kcarectl --check
No update necessary
# kcare-uname -r
6626.32-042stab117.16
# kcarectl --update
Updates already downloaded
Kernel is safe
# kcare-uname -r
2.6.32-042stab120.3

There was an update, but kcarectl --check didn\'t indicate that there was an update.

Is this something that is being overlooked in Kernelcare? I would really like to be able to check for updates before having them applied. After all, I thought that was the point of the --check parameter
  1. 27.10.2016 08:10:43
  2. # 2
Bogdan Accepted Answer
Posts: 709
Joined: 26.06.2013
0
Votes
Undo
Hello,

That looks like a bug, I have reported this to our developers. Will update this thread with any news about it.

Thanks for letting us know.
  1. 28.11.2016 13:11:06
  2. # 3
Scott Mutter Accepted Answer
Posts: 56
Joined: 23.04.2014
0
Votes
Undo
Any update on this?  Because I see that it's still not working.
  1. 29.11.2016 15:11:44
  2. # 4
Bogdan Accepted Answer
Posts: 709
Joined: 26.06.2013
0
Votes
Undo
I see this bug is \'In progress\' state now. But, could you please provide me with the output of \"kcarectl --patch-info\" ?
  1. 30.11.2016 12:11:28
  2. # 5
Scott Mutter Accepted Answer
Posts: 56
Joined: 23.04.2014
0
Votes
Undo
# kcarectl --version
2.9-1


# kcarectl --check
No update necessary


# kcarectl --patch-info
OS: centos6
kernel: kernel-2.6.32-573.18.1.el6
time: 2016-10-21 11:58:06
uname: 2.6.32-642.6.1.el6.x86_64+

kpatch-name: 2.6.32/rds-verify-the-underlying-transport-exists-before-creating-a.patch
kpatch-description: RDS: verify the underlying transport exists before creating a connection
kpatch-kernel: vzkernel-2.6.32-042stab112.15
kpatch-cve: CVE-2015-6937
kpatch-cvss: 7.1
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2015-6937
kpatch-patch-url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=74e98eb085889b0d2d4908f59f6e00026063014f

kpatch-name: 2.6.32/fix-incomplete-CVE-2015-6937.patch
kpatch-description: Complete earlier incomplete fix to CVE-2015-6937
kpatch-kernel: >vzkernel-2.6.32-042stab112.15
kpatch-cve: CVE-2015-7990
kpatch-cvss: 7.1
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-7990
kpatch-patch-url: https://lkml.org/lkml/diff/2015/10/16/530/1

kpatch-name: 2.6.32/CVE-2016-0774.patch
kpatch-description: Fix pipe buffer state corruption.
kpatch-kernel: kernel-2.6.32-573.22.1.el6
kpatch-cve: CVE-2016-0774
kpatch-cvss: 5.4
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-0774
kpatch-patch-url: N/A

kpatch-name: 2.6.32/kcare-mitigate-cve-2015-5157.patch
kpatch-description: Disable modification of LDT by userspace processes.
kpatch-kernel: kernel-2.6.32-573.26.1.el6
kpatch-cve: CVE-2015-5157
kpatch-cvss: 5.7
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2015-5157
kpatch-patch-url:

kpatch-name: 2.6.32/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch
kpatch-description: sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
kpatch-kernel: kernel-2.6.32-573.26.1.el6
kpatch-cve: CVE-2015-8767
kpatch-cvss: 7.1
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-8767
kpatch-patch-url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e

kpatch-name: 2.6.32/virt-kvm-inject-UD-if-instruction-emulation-fails-and-exit-to-userspace.patch
kpatch-description: kvm: inject #UD if instruction emulation fails and exit to userspace
kpatch-kernel: kernel-2.6.32-642.el6
kpatch-cve: CVE-2010-5313 CVE-2014-7842
kpatch-cvss: 4
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2010-5313
kpatch-patch-url: https://access.redhat.com/labs/psb/versions/kernel-2.6.32-642.el6/patches/virt-kvm-inject-UD-if-instruction-emulation-fails-and-exit-to-userspace

kpatch-name: 2.6.32/virt-kvm-inject-UD-if-instruction-emulation-fails-and-exit-to-userspace.kpatch-1.patch
kpatch-description: kvm: inject #UD if instruction emulation fails and exit to userspace (KernelCare adoptation)
kpatch-kernel: kernel-2.6.32-642.el6
kpatch-cve: CVE-2010-5313 CVE-2014-7842
kpatch-cvss: 4
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2010-5313
kpatch-patch-url: https://access.redhat.com/labs/psb/versions/kernel-2.6.32-642.el6/patches/virt-kvm-inject-UD-if-instruction-emulation-fails-and-exit-to-userspace

kpatch-name: 2.6.32/virt-kvm-x86-Don-t-report-guest-userspace-emulation-error-to-userspace.patch
kpatch-description: kvm: x86: Don\'t report guest userspace emulation error to userspace
kpatch-kernel: kernel-2.6.32-642.el6
kpatch-cve: CVE-2010-5313 CVE-2014-7842
kpatch-cvss: 4
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2010-5313
kpatch-patch-url: https://access.redhat.com/labs/psb/versions/kernel-2.6.32-642.el6/patches/virt-kvm-x86-Don-t-report-guest-userspace-emulation-error-to-userspace

kpatch-name: 2.6.32/netdrv-virtio-net-drop-NETIF_F_FRAGLIST.patch
kpatch-description: virtio-net: drop NETIF_F_FRAGLIST
kpatch-kernel: kernel-2.6.32-642.el6
kpatch-cve: CVE-2015-5156
kpatch-cvss: 6.8
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-5156
kpatch-patch-url: http://marc.info/?l=linux-netdev&;m=143868216724068&w=2

kpatch-name: 2.6.32/0020-net-add-validation-for-the-socket-syscall-protocol-a.patch
kpatch-description: net: add validation for the socket syscall protocol argument
kpatch-kernel: kernel-2.6.32-642.el6
kpatch-cve: CVE-2015-8543
kpatch-cvss: 4.6
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-8543
kpatch-patch-url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9

kpatch-name: 2.6.32/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch
kpatch-description: x86, kvm: Clear paravirt_enabled on KVM guests for espfix32\'s benefit
kpatch-kernel: kernel-2.6.32-642.el6
kpatch-cve: CVE-2014-8134
kpatch-cvss: 1.9
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2014-8134
kpatch-patch-url: https://git.kernel.org/linus/29fa6825463c97e5157284db80107d1bfac5d77b

kpatch-name: 2.6.32/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.kpatch-1.573.patch
kpatch-description: x86, kvm: Clear paravirt_enabled on KVM guests for espfix32\'s benefit
kpatch-kernel: kernel-2.6.32-642.el6
kpatch-cve: CVE-2014-8134
kpatch-cvss: 1.9
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2014-8134
kpatch-patch-url: https://git.kernel.org/linus/29fa6825463c97e5157284db80107d1bfac5d77b

kpatch-name: 2.6.32/ext4-make-orphan-functions-be-no-op-in-no-journal-mo.patch
kpatch-description: ext4: make orphan functions be no-op in no-journal mode
kpatch-kernel: kernel-2.6.32-642.el6
kpatch-cve: CVE-2015-7509
kpatch-cvss: 6
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-7509
kpatch-patch-url: https://git.kernel.org/linus/c9b92530a723ac5ef8e352885a1862b18f31b2f5

kpatch-name: 2.6.32/ext4-avoid-hang-when-mounting-non-journal-filesystem.patch
kpatch-description: ext4: avoid hang when mounting non-journal filesystems with orphan list
kpatch-kernel: kernel-2.6.32-642.el6
kpatch-cve: CVE-2015-7509
kpatch-cvss: 6
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2015-7509
kpatch-patch-url: https://git.kernel.org/linus/0e9a9a1ad619e7e987815d20262d36a2f95717ca

kpatch-name: 2.6.32/netfilter-x_tables-validate-e-target_offset-early.patch
kpatch-description: netfilter: x_tables: validate e->target_offset early
kpatch-kernel: vzkernel-2.6.32-042stab116.2
kpatch-cve: CVE-2016-4997, CVE-2016-4998
kpatch-cvss: N/A
kpatch-cve-url: http://www.openwall.com/lists/oss-security/2016/06/24/5
kpatch-patch-url: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=bdf533de6968e9686df777dc178486f600c6e617

kpatch-name: 2.6.32/netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch
kpatch-description: netfilter: x_tables: make sure e->next_offset covers remaining blob size
kpatch-kernel: vzkernel-2.6.32-042stab116.2
kpatch-cve: CVE-2016-4997, CVE-2016-4998
kpatch-cvss: N/A
kpatch-cve-url: http://www.openwall.com/lists/oss-security/2016/06/24/5
kpatch-patch-url: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91

kpatch-name: 2.6.32/netfilter-x_tables-check-for-bogus-target-offset.patch
kpatch-description: netfilter: x_tables: check for bogus target offset
kpatch-kernel: vzkernel-2.6.32-042stab116.2
kpatch-cve: CVE-2016-4997, CVE-2016-4998
kpatch-cvss: N/A
kpatch-cve-url: http://www.openwall.com/lists/oss-security/2016/06/24/5
kpatch-patch-url: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c

kpatch-name: 2.6.32/IB-security-Restrict-use-of-the-write-interface.patch
kpatch-description: IB/security: Restrict use of the write() interface
kpatch-kernel: kernel-2.6.32-642.3.1.el6
kpatch-cve: CVE-2016-4565
kpatch-cvss: 6.9
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-4565
kpatch-patch-url: https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3

kpatch-name: 2.6.32/tcp-make-challenge-acks-less-predictable.patch
kpatch-description: tcp: make challenge acks less predictable
kpatch-kernel: >kernel-2.6.32-642.3.1.el6
kpatch-cve: CVE-2016-5696
kpatch-cvss: 5.8
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-5696
kpatch-patch-url: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758

kpatch-name: 2.6.32/tcp-make-challenge-acks-less-predictable.kpatch-1.patch
kpatch-description: tcp: make challenge acks less predictable
kpatch-kernel: >kernel-2.6.32-642.3.1.el6
kpatch-cve: CVE-2016-5696
kpatch-cvss: 5.8
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-5696
kpatch-patch-url: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758

kpatch-name: 2.6.32/KEYS-potential-uninitialized-variable-CVE-2016-4470.patch
kpatch-description: KEYS: potential uninitialized variable
kpatch-kernel: kernel-2.6.32-642.6.1.el6
kpatch-cve: CVE-2016-4470
kpatch-cvss: 6.9
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-4470
kpatch-patch-url: http://git.kernel.org/linus/38327424b40bcebe2de92d07312c89360ac9229a

kpatch-name: 2.6.32/hid-hiddev-validate-num_values-for-hidiocgusages-hidiocsusages.patch
kpatch-description: HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
kpatch-kernel: kernel-2.6.32-642.6.1.el6
kpatch-cve: CVE-2016-5829
kpatch-cvss: 6.9
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2016-5829
kpatch-patch-url: http://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5

kpatch-name: 2.6.32/0001-mm-remove-gup_flags-FOLL_WRITE-games-from-__get_user.patch
kpatch-description: mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
kpatch-kernel: >kernel-2.6.32-642.6.1.el6
kpatch-cve: CVE-2016-5195
kpatch-cvss: 6.9
kpatch-cve-url: https://access.redhat.com/security/cve/cve-2016-5195
kpatch-patch-url: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619

kpatch-name: 2.6.32/proc-restrict-pagemap-access.patch
kpatch-description: Restrict access to pagemap/kpageflags/kpagecount
kpatch-kernel:
kpatch-cve:
kpatch-cvss:
kpatch-cve-url: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
kpatch-patch-url:

kpatch-name: 2.6.32/x86-kvm-vmx_vcpu_run-wrapper.patch
kpatch-description: vmx_vcpu_run wrapper
kpatch-kernel:
kpatch-cve:
kpatch-cvss:
kpatch-cve-url:
kpatch-patch-url:
  1. 08.12.2016 17:12:07
  2. # 6
Scott Mutter Accepted Answer
Posts: 56
Joined: 23.04.2014
0
Votes
Undo
The strange thing is, this was working just fine and then just all of a sudden stopped working.

And now it doesn\'t appear to be a high priority to get it back to working condition.
  1. 08.12.2016 19:12:02
  2. # 7
Igor Seletskiy Accepted Answer
Posts: 1200
Joined: 09.02.2010
0
Votes
Undo
Scott,

Sorry, we have the fix, but it is tied up with about 40 other patches -- there is a major revision of kcarectl coming to support \'smarter\' patch application - and it is taking us a bit longer to stabilize the userland part.
  1. 17.01.2017 10:01:33
  2. # 8
Igor Seletskiy Accepted Answer
Posts: 1200
Joined: 09.02.2010
0
Votes
Undo
Sorry, it got stuck in code reviews. Updated package was just released, and it should have --check fixed.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.