CloudLinux - KernelCare News - CloudLinux Blog
Blog
KernelCare fixes Meltdown and Spectre without reboots!

KernelCare fixes Meltdown and Spectre without reboots!

KernelCare fixes Meltdown and Spectre without reboots!
KernelCare now live patches Meltdown and Spectre (spectre-v1) that exploit critical vulnerabilities in modern processors. The list of supported distributions is available below. Free trial supports updates too.By now, you might have thought that the topic of Meltdown and Spectre vulnerabilities is taking a backstage in the news. Not so, as the impa...
Продолжить чтение
Последние комментарии
Guest — Eric Caldwell
What blog page do we need to tune into for the CL6 KC patches?
06.02.2018 18:52
Alexandre Parubochyi
Please follow https://cloudlinux.com/cloudlinux-os-blog/entry/intel-cpu-bug-kernelcare-and-cloudlinux... Read More
06.02.2018 19:30
Guest — Stéphan Schamp
Keep getting: # kcarectl -u Updates already downloaded Unable to apply patch (/var/cache/kcare/4796c6a424d5f4abf9482d4e335a60d79... Read More
07.02.2018 09:54
  12087 просмотров
  17 Комментариев
Intel CPU Bug - Meltdown and Spectre - KernelCare and CloudLinux

Intel CPU Bug - Meltdown and Spectre - KernelCare and CloudLinux

Intel CPU Bug - Meltdown and Spectre - KernelCare and CloudLinux
Update [May 29, 2018 12:25am PT]Meltdown fixes for Ubuntu 16.04 are now on test.To deploy them:edit /etc/sysconfig/kcare/kcare.confAdd:PREFIX=testRun:kcarectl --updateTAGNAME: update-2018-05-29-test-1ubuntu-xenial:  CVE-2017-5754: Systems with microprocessors utilizing speculative execution and    indirect branch prediction may allow...
Продолжить чтение
Последние комментарии
Guest — Richard Hordern
A bit more info has been recently published here: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/ I... Read More
03.01.2018 21:02
Guest — Miguel
When do you expect to have a solution?still waiting
04.01.2018 19:10
Guest — somebody
I just want to say thanks for your outstanding work. I hope there will be soon patches for kernelcare, specially for OpenVZ and Ce... Read More
04.01.2018 22:26
  107005 просмотров
  147 Комментариев
KernelCare crashes on CloudLinux 7 & CloudLinux 6 Hybrid

KernelCare crashes on CloudLinux 7 & CloudLinux 6 Hybrid

KernelCare crashes on CloudLinux 7 & CloudLinux 6 Hybrid
Updated: Dec 7, 2017, 8AM PTOur previous patch provided the fix of ext4 bug with KernelCare included a bug in unpatch. The bug was triggered by latest patch, and caused some number of servers to crash. The effect of the bug is that servers that use ext4 will crash. If they didn't crash - they will not crash now.Note that the new patch that triggere...
Продолжить чтение
Последние комментарии
Guest — Rodrigo Gomes
I'm going to migrate to Cloudlinux today from CentOS 7. I already have KernelCare installed on CentOS with extra symlink protectio... Read More
07.12.2017 20:14
Guest — Irina
You should not worry, CentOS kernels are NOT affected.
08.12.2017 06:33
Guest — Aleksei
When you migrate to CloudLinux, you will receive latest kernel, which is not affected. So please proceed with the migration.... Read More
11.12.2017 13:51
  5407 просмотров
  8 Комментариев
The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare
Теги:

The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare

The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare
A few weeks ago we released the KernelCare "Extra" Patchset with the security fixes and the symlink protection available to all KernelCare customers running CentOS kernels. Today we are pleased to share that you can get the Symlink Protection Patchset for CentOS 6 and 7 at no cost, even if you don’t have licenses of KernelCare.We’ve been discussing...
Продолжить чтение
Последние комментарии
Guest — Youssef B.
Thank you, But it doesn't work for me. .. Running Transaction Installing : kernelcare-2.13-1.x86_64 ... Read More
04.10.2017 23:44
Igor Seletskiy
sorry, it should have been: kcarectl --set-patch-type free
05.10.2017 00:49
Guest — Micheal
Thank you for this support. Are patches disabled in kernel updates we made manually?
05.10.2017 21:32
  41254 просмотров
  95 Комментариев
The KernelCare "Extra" Patchset for CentOS 6 & 7 with symlink protection is here

The KernelCare "Extra" Patchset for CentOS 6 & 7 with symlink protection is here

The KernelCare "Extra" Patchset for CentOS 6 & 7 with symlink protection is here
The KernelCare extra patchset includes all the security fixes from KernelCare for CentOS 6 and CentOS 7, as well as the symlink protection against a symlink race.A symlink race attack is often used against shared hosting servers. It allows a malicious user to serve files that belong to other users by creating a symbolic link to those files. It is o...
Продолжить чтение
Последние комментарии
Guest — john
not working for me, plus you type some of it wrong kcarectl --set-patch-type extra --update usage: kcarectl [-h] [-i] [-u] [--un... Read More
22.08.2017 19:19
Igor Seletskiy
Make sure you have the latest version of kernelcare. Do yum update kernelcare --> it should help.
23.08.2017 02:07
Guest — adm
kcarectl --set-patch-type extra --update 'extra' patch type selected Downloading updates HTTP Error 404: Not Found, Retrying in 3 ... Read More
22.08.2017 20:07
  19272 просмотров
  17 Комментариев
Issues caused by the latest KernelCare update and what we will do to ensure it never happens again

Issues caused by the latest KernelCare update and what we will do to ensure it never happens again

Issues caused by the latest KernelCare update and what we will do to ensure it never happens again
UPDATE: Mar 30 - 10am pacific timezone. 24h feed was updated with the same issue due to technician incorrectly removing "at" job. This has been fixed shortly, but some systems have been affected.We want to apologize for the KernelCare incident that affected some of our customers yesterday. Unfortunately, the bug in POSIX ACL patch for CVE-2016-7097...
Продолжить чтение
Последние комментарии
Guest — Marco
Hello, you should have a system where we can manage our servers. So we can change all our servers to manually updating instead of... Read More
30.03.2017 09:44
Igor Seletskiy
Thank you for the suggestion. We will implement such global controls. Right now this can be done using config file & AUTO_UPDATE s... Read More
30.03.2017 11:34
Guest — Pissed Customer
Hello we´re not happy about you kind of communication! We recognized server crashes and was NOT informed by you, that we have to ... Read More
30.03.2017 09:52
  8596 просмотров
  15 Комментариев

Issues caused by the latest KernelCare update

We’ve received reports that our latest patchset affected some CentOS/CloudLinux/OpenVZ 6 kernels. We’ve immediately rolled back the patch, have evaluated the issue and identified the cause to prevent issues in the future releases. Please accept our apologies and standby for additional updates on the cause of the issue.Igor Seletskiy
  3742 просмотров
  0 Комментариев
The KernelCare Update: The patch to fix CVE-2016-8655 exploit is here!

The KernelCare Update: The patch to fix CVE-2016-8655 exploit is here!

The KernelCare Update: The patch to fix CVE-2016-8655 exploit is here!
A new vulnerability CVE-2016-8655 in the Linux kernel was discovered yesterday by Philip Pettersson. It is a race-condition in Linux (net/packet/af_packet.c) that can be exploited to gain kernel code execution from unprivileged processes. This exploit may lead to a privilege escalation, cause a denial of service attacks (server crash) and informati...
Продолжить чтение
  5733 просмотров
  0 Комментариев
New vulnerability discovered - the fix for CVE-2016-8655 for CloudLinux OS 7 is here with KernelCare

New vulnerability discovered - the fix for CVE-2016-8655 for CloudLinux OS 7 is here with KernelCare

New vulnerability discovered - the fix for CVE-2016-8655 for CloudLinux OS 7 is here with KernelCare
The patch for CloudLinux OS 7 is here if you are running KernelCare. Fixed CloudLinux OS 7 kernel is coming soon. CloudLinux OS 5 & 6 are not affected.A new vulnerability CVE-2016-8655 in the Linux kernel was discovered by Philip Pettersson. It is a race-condition in Linux (net/packet/af_packet.c) that can be exploited to gain kernel code execu...
Продолжить чтение
  5586 просмотров
  0 Комментариев
Managing KernelCare with Puppet
Теги:

Managing KernelCare with Puppet

Managing KernelCare with Puppet
By guest author Christian ReißIf you haven’t felt it before: when Dirty Cow hit you did. The Linux Kernel is rock solid, proven but also has security issues. In this case: Root rights for everyone! And on top of that this bug is so trivially easy to exploit (several proof-of-concepts are out there that can easily converted into a life, working gun)...
Продолжить чтение
  6506 просмотров
  0 Комментариев