KernelCare Blog

Running InfiniBand hardware? Your servers might be vulnerable.

Running InfiniBand hardware? Your servers might be vulnerable.

Running InfiniBand hardware? Your servers might be vulnerable.
Recently a flaw was found in Linux kernel 2.6.32 that allows local users to escalate their privileges for servers with InfiniBand.    If your servers have InfiniBand and you are running CentOS/RedHat/CloudLinux 6, Virtuozzo/OpenVZ, Proxmox 2.x WITHOUT KernelCare, you are vulnerable. We recommend you update and reboot your kernels to resol...
Continue reading
  1603 Hits
  0 Comments
New vulnerability makes it easy to escape from the container

New vulnerability makes it easy to escape from the container

New vulnerability makes it easy to escape from the container
CVE-2016-4997 and CVE-2016-4998 were issued for a vulnerability that lets user inside container to escalate priveleges and escape the containment. The issue affects Virtuozzo, OpenVZ, LXC and Docker containers. If you are running KernelCare -- your servers are already patched, and safe. If you have yet to deploy KernelCare -- please, make sure...
Continue reading
  3763 Hits
  2 Comments
Hackers are using local DoS attack using CVE-2016-4581 against hosting provider

Hackers are using local DoS attack using CVE-2016-4581 against hosting provider

Hackers are using local DoS attack using CVE-2016-4581 against hosting provider
Distributions have yet to patch CVE-2016-4581 in CentOS/RHEL/CloudLinux 7 kernels. At the same time, the vulnerability is already known to be used in attacks against hosting providers to crash servers. We are working hard to release new CloudLinux 7 kernel that fixes this bug.  Yet, if you want to be protected now, the fix is already avai...
Continue reading
  3012 Hits
  0 Comments
How to reduce downtime of managed servers - Liquid Web knows
Tags:

How to reduce downtime of managed servers - Liquid Web knows

How to reduce downtime of managed servers - Liquid Web knows
Liquid Web rolls out KernelCare to 20K managed servers Liquid Web is one of the most well-respected companies in web hosting. Their 30,000+ customers rely on Liquid Web’s deep technical expertise and a variety of high-performance servers and hosting products. Rolling out KernelCare to 20,000 of their managed servers only attests to their commitment...
Continue reading
  3298 Hits
  1 Comment
Ubuntu LTS 16.04 includes livepatch - now what?
Tags:

Ubuntu LTS 16.04 includes livepatch - now what?

Ubuntu LTS 16.04 includes livepatch - now what?
Livepatch, a technology to apply patches to a running kernel, has been available for some time. Now Ubuntu LTS 16.04 became the first major Linux distribution to enable it in their kernel. We’ve been asked what this really means, and does it make KernelCare obsolete? The answer is: not at all. Yes, the technology to apply the patches is here (after...
Continue reading
  5198 Hits
  0 Comments
How to use a single key to register multiple KernelCare servers
Tags:

How to use a single key to register multiple KernelCare servers

How to use a single key to register multiple KernelCare servers
KernelCare is often deployed on a large number of servers. Adding those servers one by one is a hassle. In that case, KernelCare key can be used to deploy and register multiple servers at once. Registration is still straightforward: $ kcarectl --register YOUR_KEY The key can be obtained from CLN (see image above). The same key can be used for all t...
Continue reading
  5471 Hits
  0 Comments
KernelCare supports many distributions, but does it work with your kernel?

KernelCare supports many distributions, but does it work with your kernel?

KernelCare supports many distributions, but does it work with your kernel?
We often get a question whether a particular kernel is supported by KernelCare. We support a large number of distributions and kernel versions, such as CentOS/RHEL/CL 5,6 & 7, Debian, Ubuntu, Virtuozzo & Proxmox VE. List of all supported distributions, kernels, as well as patches for them is available at http://patches.kernelcare.com . Yet,...
Continue reading
Recent Comments
WisiKlo WisiKlo
Please, try now. This has been fixed.
Saturday, 23 April 2016 17:50
WisiKlo WisiKlo
The version you have is 3.16.0.x The earliest we support is 3.16.7 sorry ... Read More
Saturday, 07 May 2016 22:35
WisiKlo WisiKlo
Actually - you are right, it should be supported, let me try/double check.
Saturday, 07 May 2016 22:36
  7762 Hits
  24 Comments
Rackspace rebooted their Docker servers, maybe something they could have avoided?
Tags:

Rackspace rebooted their Docker servers, maybe something they could have avoided?

Rackspace rebooted their Docker servers, maybe something they could have avoided?
A few days ago, the Rackspace’s Carina team have undergone a scheduled maintenance update to address multiple issues in the Linux kernel which affected Carina users. The fix required a reboot, and the team worked diligently on updating all the docker servers to rectify the issue. Though it took a little longer than anticipated, the job was complete...
Continue reading
Recent Comments
WisiKlo WisiKlo
Docker doesn't even have suspend / resume mechanism for now. CRIU should allow that soon -- but not yet, at least not production q... Read More
Saturday, 30 April 2016 16:17
  5412 Hits
  5 Comments
Debian 7 & 8 kernels patched to latest with KernelCare

Debian 7 & 8 kernels patched to latest with KernelCare

Debian 7 & 8 kernels patched to latest with KernelCare
Debian 7 kernels updated to linux-3.2.73-2+deb7u3 Debian 8 kernels updated to linux-3.16.7-ckt20-1+deb8u4   Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare. conf will automatically update, and no action is needed for them. You can manually update the server by running: # /usr/bin/kcarectl --update Changelog: deb...
Continue reading
  3089 Hits
  0 Comments
KernelCare prevents from attacks fast - releases patches sometimes even before the native OS updates its kernel
Tags:

KernelCare prevents from attacks fast - releases patches sometimes even before the native OS updates its kernel

KernelCare prevents from attacks fast - releases patches sometimes even before the native OS updates its kernel
You might say that KernelCare lags slightly behind the upstream distributions of patches. This, however, is normal, and regardless of the delay, most of the time you will be protected by KernelCare much faster than you would do the reboot yourself. The main cause of such delay is that upstream does not disclose the vulnerability until updated kerne...
Continue reading
  2296 Hits
  0 Comments