KernelCare now live patches Meltdown and Spectre (spectre-v1) that exploit critical vulnerabilities in modern processors. The list of supported distributions is available below. Free trial supports updates too. By now, you might have thought that the topic of Meltdown and Spectre vulnerabilities is taking a backstage in the news. Not so, as the imp...

Update [May 29, 2018 12:25am PT] Meltdown fixes for Ubuntu 16.04 are now on test. To deploy them:edit /etc/sysconfig/kcare/kcare.conf Add:PREFIX=test Run:kcarectl --update TAGNAME: update-2018-05-29-test-1ubuntu-xenial:  CVE-2017-5754: Systems with microprocessors utilizing speculative execution and    indirect branch prediction may ...

Updated: Dec 7, 2017, 8AM PT Our previous patch provided the fix of ext4 bug with KernelCare included a bug in unpatch. The bug was triggered by latest patch, and caused some number of servers to crash. The effect of the bug is that servers that use ext4 will crash. If they didn't crash - they will not crash now. Note that the new patch that trigge...

A few weeks ago we released the KernelCare "Extra" Patchset with the security fixes and the symlink protection available to all KernelCare customers running CentOS kernels. Today we are pleased to share that you can get the Symlink Protection Patchset for CentOS 6 and 7 at no cost, even if you don’t have licenses of KernelCare. We’ve been discussin...

The KernelCare extra patchset includes all the security fixes from KernelCare for CentOS 6 and CentOS 7, as well as the symlink protection against a symlink race. A symlink race attack is often used against shared hosting servers. It allows a malicious user to serve files that belong to other users by creating a symbolic link to those files. It is ...

UPDATE: Mar 30 - 10am pacific timezone. 24h feed was updated with the same issue due to technician incorrectly removing "at" job. This has been fixed shortly, but some systems have been affected. We want to apologize for the KernelCare incident that affected some of our customers yesterday. Unfortunately, the bug in POSIX ACL patch for CVE-2016-709...

We’ve received reports that our latest patchset affected some CentOS/CloudLinux/OpenVZ 6 kernels. We’ve immediately rolled back the patch, have evaluated the issue and identified the cause to prevent issues in the future releases. Please accept our apologies and standby for additional updates on the cause of the issue. Igor Seletskiy

A new vulnerability CVE-2016-8655 in the Linux kernel was discovered yesterday by Philip Pettersson. It is a race-condition in Linux (net/packet/af_packet.c) that can be exploited to gain kernel code execution from unprivileged processes. This exploit may lead to a privilege escalation, cause a denial of service attacks (server crash) and informati...

The patch for CloudLinux OS 7 is here if you are running KernelCare. Fixed CloudLinux OS 7 kernel is coming soon. CloudLinux OS 5 & 6 are not affected. A new vulnerability CVE-2016-8655 in the Linux kernel was discovered by Philip Pettersson. It is a race-condition in Linux (net/packet/af_packet.c) that can be exploited to gain kernel code exec...

By guest author Christian Reiß If you haven’t felt it before: when Dirty Cow hit you did. The Linux Kernel is rock solid, proven but also has security issues. In this case: Root rights for everyone! And on top of that this bug is so trivially easy to exploit (several proof-of-concepts are out there that can easily converted into a life, working gun...