Oracle Linux and Ksplice - the Linux distribution with minimal downtime

The recent Dirty COW vulnerability (CVE-2016-5195) highlighted the need for zero-downtime updates: the vulnerability had been present in the Linux kernel for many years, was actively being exploited, and could result in a system being easily compromised. The traditional means of closing this vulnerability would be to install a new kernel and reboot into it, but new kernels take time to release, and the disruption of rebooting and the time spent to roll this out across...

Friday, November 4, 2016 | Ksplice

CVE-2016-5195/Dirty COW and Ksplice

Last week a serious Linux kernel vulnerability, CVE-2016-5195, nicknamed Dirty COW, was announced. This was a longstanding bug that affected most running kernels and was actively being exploited to escalate privileges on real Linux systems. As soon as the bug was disclosed and the patch was released, the Ksplice team were quickly building and testing zero-downtime updates for over 5,000 supported kernels, in many cases making the fix available as a Ksplice update...

Monday, October 24, 2016 | Ksplice

Fixing Security Vulnerabilities in Linux

Security vulnerabilities are some of the hardest bugs to discover, yet they can have the largest impact. At Ksplice, we spend a lot of time looking at security vulnerabilities and seeing how they are fixed. We use automated tools such as the Trinity syscall fuzzer and the Kernel Address Sanitizer (KASan) to aid our process. In this blog post we'll go over some case studies of recent vulnerabilities and show you how you can avoid them in your code. CVE-2013-7339 and CVE-2014-267...

Wednesday, July 22, 2015 | Ksplice

Ksplice SNMP Plugin

The Ksplice team is happy to announce the release of an SNMP plugin for Ksplice, available today on the Unbreakable Linux Network. The plugin will let you use Oracle Enterprise Manager to monitor the status of Ksplice on all of your systems, but it will also work with any monitoring solution that is SNMP compatible. Installation: You'll find the plugin on the Ksplice channel for your distribution and architecture. For Oracle Linux 6 on x86_64 that's ol6_x86_64_ksplice. Install the...

Wednesday, January 29, 2014 | Ksplice

Best Practice: Ksplice Deployment

Ksplice is designed to work in many different computing environments. Because upgrading the kernel on any running system is a hassle, we want you to be able to deploy Ksplice as widely as possible. As a consequence of this, there are a number of ways to set up a Ksplice installation for your Oracle Linux infrastructure. As the first part of a series of articles on Ksplice best practices, we've published a guide to deploying Ksplice on the Oracle Technology Network. This guide...

Monday, October 14, 2013 | Ksplice

CVE-2013-2224: Denial of service in sendmsg().

In September 2012, CVE-2012-3552 was reported, which could allow an attacker to corrupt slab memory, leading to a denial-of-service or possible privilege escalation depending on the target machine workload. This bug had originally been fixed in the mainline kernel in April 2011 and was a fairly large patch for a security fix. The Red Hat backport for this fix introduced a new bug, which has been assigned CVE-2013-2224 and which again could allow for a denial-of-service or...

Thursday, August 8, 2013 | Ksplice