KernelCare Blog - CloudLinux Blog - Page 4
KernelCare Blog

The KernelCare "Extra" Patchset for CentOS 6 & 7 with symlink protection is here

The KernelCare extra patchset includes all the security fixes from KernelCare for CentOS 6 and CentOS 7, as well as the symlink protection against a symlink race. A symlink race attack is often used against shared hosting servers. It allows a malicious user to serve files that belong to other users by creating a symbolic link to those files. It is ...
Recent Comments
Igor Seletskiy
Make sure you have the latest version of kernelcare. Do yum update kernelcare --> it should help.
Wednesday, 23 August 2017 02:07
Igor Seletskiy
It is only for CentOS. CloudLinux OS doesn't need that patch, as it is already included in the native kernel.
Wednesday, 23 August 2017 02:08
Igor Seletskiy
kcarectl --set-patch-type default
Wednesday, 23 August 2017 12:12
  10280 Hits
  17 Comments
New privilege escalation vulnerability found in Linux kernel

A race condition in the Linux kernel was disclosed today, August 3rd, 2017 (see CVE-2017-7533). It can be exploited to allow an unprivileged local user to gain root access to the server. Currently, there is a working exploit allowing privilege escalation on 32-bit kernels. It is unclear whether such an exploit exists for 64-bit kernels, but ...
  4704 Hits
  0 Comments
LibCare, a toolset for livepatching of user space software, is now available as Open Source on GitHub
I am super thrilled to let you know that we have published a toolset for livepatching of user space software, called LibCare, to GitHub. It is released under the GPL2 license and allows software developers to develop and apply patches to their running software without the need to restart it. Similar to our commercially available KernelCare service,...
  3213 Hits
  1 Comment
Major vulnerability: The Stack Clash security issue found that affects most Linux kernels
[Last updated Jun 22, 12:05PM PDT] A new major local privilege escalation vulnerability in the Linux kernel was disclosed yesterday, June 19th, 2017 (CVE-2017-1000364). The vulnerability can be exploited to allow an unprivileged local user to gain root access to the server. The Qualys security advisory shows practical methods for circumventing an...
Recent Comments
Igor Seletskiy
Yes, we will notify as it hits production. We just pushed CL7/CL6Hybrid patches to test. If anyone can test by running: kcarectl -... Read More
Tuesday, 20 June 2017 21:08
Igor Seletskiy
CentOS5 is EOL and new patches will not be added.
Wednesday, 21 June 2017 12:07
Igor Seletskiy
CL7 / CL6hybrid is out. CL6 should be added in 6-8 hours.
Wednesday, 21 June 2017 12:08
  15404 Hits
  14 Comments
KernelCare is now available in ISPmanager Lite
ISPsystem resellers can enable resale of KernelCare directly to their customers. At the beginning of April, ISPsystem offered KernelCare for purchase directly from their control panel, and now it is also available for users of ISPmanager Lite. ISPmanager Lite provides a rich feature set for managing websites, creating users, handling domains, em...
  2700 Hits
  0 Comments
“Out with the old, in with the new” initiative continues - new customer support experience ahead
Post updated on April 25th, 2017. Dear CloudLinux Customer, I would like to share with you another upgrade CloudLinux is making as part of the “Out with the old, in with the new” initiative. First, a bit of background. For years, our helpdesk tool allowed us to handle tens of thousands of support tickets that customers send us. No matter the type of...
Recent Comments
Dmitry Oronov
I am sorry for the inconvenience. Based on your feedback, and a few other customers, we’ve decided to allow access to the new Zend... Read More
Tuesday, 18 April 2017 18:05
  3782 Hits
  2 Comments
Endurance implemented rebootless updates with KernelCare
A few days ago, Endurance announced that they have implemented KernelCare to keep their servers secure and limit interruptions. Endurance is a leading provider of cloud-based platform solutions, and they have deployed the KernelCare rebootless update service on shared and dedicated web servers for the Endurance family of brands including HostGator ...
  1501 Hits
  0 Comments
Issues caused by the latest KernelCare update and what we will do to ensure it never happens again

UPDATE: Mar 30 - 10am Pacific time zone. The 24h feed was updated with the same issue due to a technician incorrectly removing the "at" job. This was fixed shortly, but some systems have been affected. We want to apologize for the KernelCare incident that affected some of our customers yesterday. Unfortunately, the bug in the POSIX ACL patch for CVE-2016-709...
Recent Comments
Igor Seletskiy
Thank you for the suggestion. We will implement such global controls. Right now this can be done using config file & AUTO_UPDATE s... Read More
Thursday, 30 March 2017 11:34
Igor Seletskiy
I want to personally apologize for that. It was suggested during initial half hour by one of our team members, but I chose not to ... Read More
Thursday, 30 March 2017 11:45
Igor Seletskiy
I am finally back in US - and that makes things a little easier from logistics standpoint. To all those who are rightfully pissed... Read More
Saturday, 01 April 2017 03:36
  4105 Hits
  15 Comments

Issues caused by the latest KernelCare update

We’ve received reports that our latest patchset affected some CentOS/CloudLinux/OpenVZ 6 kernels. We immediately rolled back the patch, evaluated the issue and identified the cause to prevent issues in future releases. Please accept our apologies and stand by for additional updates on the cause of the issue. Igor Seletskiy
  1605 Hits
  0 Comments
Major vulnerability CVE-2017-2647 found in Linux kernels that affects CentOS, RHEL, CloudLinux OS 6 & 7

A new major local privilege escalation vulnerability in the Linux kernel was just disclosed (see CVE-2017-2647). As reported, it’s a null pointer dereference vulnerability that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL by an unprivileged local user. It is possible that an attacker could crash the system or ...
  1965 Hits
  0 Comments