CloudLinux - KernelCare News - CloudLinux Blog
Blog
KernelCare fixes Meltdown and Spectre without reboots!

KernelCare fixes Meltdown and Spectre without reboots!

KernelCare fixes Meltdown and Spectre without reboots!
KernelCare now live patches Meltdown and Spectre (spectre-v1) that exploit critical vulnerabilities in modern processors. The list of supported distributions is available below. Free trial supports updates too. By now, you might have thought that the topic of Meltdown and Spectre vulnerabilities is taking a backstage in the news. Not so, as the imp...
Continue reading
Recent Comments
Guest — Eric Caldwell
What blog page do we need to tune into for the CL6 KC patches?
Tuesday, 06 February 2018 18:52
Alexandre Parubochyi
Please follow https://cloudlinux.com/cloudlinux-os-blog/entry/intel-cpu-bug-kernelcare-and-cloudlinux... Read More
Tuesday, 06 February 2018 19:30
Guest — Stéphan Schamp
Keep getting: # kcarectl -u Updates already downloaded Unable to apply patch (/var/cache/kcare/4796c6a424d5f4abf9482d4e335a60d79... Read More
Wednesday, 07 February 2018 09:54
  13367 Hits
  17 Comments
Intel CPU Bug - Meltdown and Spectre - KernelCare and CloudLinux

Intel CPU Bug - Meltdown and Spectre - KernelCare and CloudLinux

Intel CPU Bug - Meltdown and Spectre - KernelCare and CloudLinux
Update [May 29, 2018 12:25am PT] Meltdown fixes for Ubuntu 16.04 are now on test. To deploy them:edit /etc/sysconfig/kcare/kcare.conf Add:PREFIX=test Run:kcarectl --update TAGNAME: update-2018-05-29-test-1ubuntu-xenial:  CVE-2017-5754: Systems with microprocessors utilizing speculative execution and    indirect branch prediction may ...
Continue reading
Recent Comments
Guest — Richard Hordern
A bit more info has been recently published here: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/ I... Read More
Wednesday, 03 January 2018 21:02
Guest — Miguel
When do you expect to have a solution?still waiting
Thursday, 04 January 2018 19:10
Guest — somebody
I just want to say thanks for your outstanding work. I hope there will be soon patches for kernelcare, specially for OpenVZ and Ce... Read More
Thursday, 04 January 2018 22:26
  111373 Hits
  147 Comments
KernelCare crashes on CloudLinux 7 & CloudLinux 6 Hybrid

KernelCare crashes on CloudLinux 7 & CloudLinux 6 Hybrid

KernelCare crashes on CloudLinux 7 & CloudLinux 6 Hybrid
Updated: Dec 7, 2017, 8AM PT Our previous patch provided the fix of ext4 bug with KernelCare included a bug in unpatch. The bug was triggered by latest patch, and caused some number of servers to crash. The effect of the bug is that servers that use ext4 will crash. If they didn't crash - they will not crash now. Note that the new patch that trigge...
Continue reading
Recent Comments
Guest — Rodrigo Gomes
I'm going to migrate to Cloudlinux today from CentOS 7. I already have KernelCare installed on CentOS with extra symlink protectio... Read More
Thursday, 07 December 2017 20:14
Guest — Irina
You should not worry, CentOS kernels are NOT affected.
Friday, 08 December 2017 06:33
Guest — Aleksei
When you migrate to CloudLinux, you will receive latest kernel, which is not affected. So please proceed with the migration.... Read More
Monday, 11 December 2017 13:51
  6071 Hits
  8 Comments
The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare
Tags:

The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare

The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare
A few weeks ago we released the KernelCare "Extra" Patchset with the security fixes and the symlink protection available to all KernelCare customers running CentOS kernels. Today we are pleased to share that you can get the Symlink Protection Patchset for CentOS 6 and 7 at no cost, even if you don’t have licenses of KernelCare. We’ve been discussin...
Continue reading
Recent Comments
Guest — Youssef B.
Thank you, But it doesn't work for me. .. Running Transaction Installing : kernelcare-2.13-1.x86_64 ... Read More
Wednesday, 04 October 2017 23:44
Igor Seletskiy
sorry, it should have been: kcarectl --set-patch-type free
Thursday, 05 October 2017 00:49
Guest — Micheal
Thank you for this support. Are patches disabled in kernel updates we made manually?
Thursday, 05 October 2017 21:32
  46375 Hits
  95 Comments
The KernelCare "Extra" Patchset for CentOS 6 & 7 with symlink protection is here

The KernelCare "Extra" Patchset for CentOS 6 & 7 with symlink protection is here

The KernelCare "Extra" Patchset for CentOS 6 & 7 with symlink protection is here
The KernelCare extra patchset includes all the security fixes from KernelCare for CentOS 6 and CentOS 7, as well as the symlink protection against a symlink race. A symlink race attack is often used against shared hosting servers. It allows a malicious user to serve files that belong to other users by creating a symbolic link to those files. It is ...
Continue reading
Recent Comments
Guest — john
not working for me, plus you type some of it wrong kcarectl --set-patch-type extra --update usage: kcarectl [-h] [-i] [-u] [--un... Read More
Tuesday, 22 August 2017 19:19
Igor Seletskiy
Make sure you have the latest version of kernelcare. Do yum update kernelcare --> it should help.
Wednesday, 23 August 2017 02:07
Guest — adm
kcarectl --set-patch-type extra --update 'extra' patch type selected Downloading updates HTTP Error 404: Not Found, Retrying in 3 ... Read More
Tuesday, 22 August 2017 20:07
  20233 Hits
  17 Comments
Issues caused by the latest KernelCare update and what we will do to ensure it never happens again

Issues caused by the latest KernelCare update and what we will do to ensure it never happens again

Issues caused by the latest KernelCare update and what we will do to ensure it never happens again
UPDATE: Mar 30 - 10am pacific timezone. 24h feed was updated with the same issue due to technician incorrectly removing "at" job. This has been fixed shortly, but some systems have been affected. We want to apologize for the KernelCare incident that affected some of our customers yesterday. Unfortunately, the bug in POSIX ACL patch for CVE-2016-709...
Continue reading
Recent Comments
Guest — Marco
Hello, you should have a system where we can manage our servers. So we can change all our servers to manually updating instead of... Read More
Thursday, 30 March 2017 09:44
Igor Seletskiy
Thank you for the suggestion. We will implement such global controls. Right now this can be done using config file & AUTO_UPDATE s... Read More
Thursday, 30 March 2017 11:34
Guest — Pissed Customer
Hello we´re not happy about you kind of communication! We recognized server crashes and was NOT informed by you, that we have to ... Read More
Thursday, 30 March 2017 09:52
  9451 Hits
  15 Comments

Issues caused by the latest KernelCare update

We’ve received reports that our latest patchset affected some CentOS/CloudLinux/OpenVZ 6 kernels. We’ve immediately rolled back the patch, have evaluated the issue and identified the cause to prevent issues in the future releases. Please accept our apologies and standby for additional updates on the cause of the issue. Igor Seletskiy
  4301 Hits
  0 Comments
The KernelCare Update: The patch to fix CVE-2016-8655 exploit is here!

The KernelCare Update: The patch to fix CVE-2016-8655 exploit is here!

The KernelCare Update: The patch to fix CVE-2016-8655 exploit is here!
A new vulnerability CVE-2016-8655 in the Linux kernel was discovered yesterday by Philip Pettersson. It is a race-condition in Linux (net/packet/af_packet.c) that can be exploited to gain kernel code execution from unprivileged processes. This exploit may lead to a privilege escalation, cause a denial of service attacks (server crash) and informati...
Continue reading
  6478 Hits
  0 Comments
New vulnerability discovered - the fix for CVE-2016-8655 for CloudLinux OS 7 is here with KernelCare

New vulnerability discovered - the fix for CVE-2016-8655 for CloudLinux OS 7 is here with KernelCare

New vulnerability discovered - the fix for CVE-2016-8655 for CloudLinux OS 7 is here with KernelCare
The patch for CloudLinux OS 7 is here if you are running KernelCare. Fixed CloudLinux OS 7 kernel is coming soon. CloudLinux OS 5 & 6 are not affected. A new vulnerability CVE-2016-8655 in the Linux kernel was discovered by Philip Pettersson. It is a race-condition in Linux (net/packet/af_packet.c) that can be exploited to gain kernel code exec...
Continue reading
  6579 Hits
  0 Comments
Managing KernelCare with Puppet

Managing KernelCare with Puppet

Managing KernelCare with Puppet
By guest author Christian Reiß If you haven’t felt it before: when Dirty Cow hit you did. The Linux Kernel is rock solid, proven but also has security issues. In this case: Root rights for everyone! And on top of that this bug is so trivially easy to exploit (several proof-of-concepts are out there that can easily converted into a life, working gun...
Continue reading
  7411 Hits
  0 Comments