CVE-2016-4997 and CVE-2016-4998 were issued for a vulnerability that lets user inside container to escalate priveleges and escape the containment. The issue affects Virtuozzo, OpenVZ, LXC and Docker containers. If you are running KernelCare -- your servers are already patched, and safe. If you have yet to deploy KernelCare -- please, make sure...

Distributions have yet to patch CVE-2016-4581 in CentOS/RHEL/CloudLinux 7 kernels. At the same time, the vulnerability is already known to be used in attacks against hosting providers to crash servers. We are working hard to release new CloudLinux 7 kernel that fixes this bug.  Yet, if you want to be protected now, the fix is already avai...

Liquid Web rolls out KernelCare to 20K managed servers Liquid Web is one of the most well-respected companies in web hosting. Their 30,000+ customers rely on Liquid Web’s deep technical expertise and a variety of high-performance servers and hosting products. Rolling out KernelCare to 20,000 of their managed servers only attests to their commitment...

Livepatch, a technology to apply patches to a running kernel, has been available for some time. Now Ubuntu LTS 16.04 became the first major Linux distribution to enable it in their kernel. We’ve been asked what this really means, and does it make KernelCare obsolete? The answer is: not at all. Yes, the technology to apply the patches is here (after...

KernelCare is often deployed on a large number of servers. Adding those servers one by one is a hassle. In that case, KernelCare key can be used to deploy and register multiple servers at once. Registration is still straightforward: $ kcarectl --register YOUR_KEY The key can be obtained from CLN (see image above). The same key can be used for all t...

We often get a question whether a particular kernel is supported by KernelCare. We support a large number of distributions and kernel versions, such as CentOS/RHEL/CL 5,6 & 7, Debian, Ubuntu, Virtuozzo & Proxmox VE. List of all supported distributions, kernels, as well as patches for them is available at http://patches.kernelcare.com. Yet, ...

Debian 7 kernels updated to linux-3.2.73-2+deb7u3 Debian 8 kernels updated to linux-3.16.7-ckt20-1+deb8u4 Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare. conf will automatically update, and no action is needed for them. You can manually update the server by running: # /usr/bin/kcarectl --updateChangelog:debian7...

You might say that KernelCare lags slightly behind the upstream distributions of patches. This, however, is normal, and regardless of the delay, most of the time you will be protected by KernelCare much faster than you would do the reboot yourself. The main cause of such delay is that upstream does not disclose the vulnerability until updated kerne...

I cannot say that I am not proud of the fact that our customer install base has grown so substantially. In the past year, KernelCare has more than tripled server installs and is still CloudLinux’s fastest growing product. Companies like Dell and LiquidWeb have deployed KernelCare to keep thousands of their Linux servers secure with all the latest k...

Ksplice is a technology that updates kernels with important security patches without the need to reboot. After its acquisition by Oracle, it is now offered as part of the Oracle Linux Premier Support. KernelCare is distribution-agnostic and supports Oracle Linux kernels, as well as CentOS, CloudLinux OS, Debian, RedHat, Virtuozzo, and others.&...