How can you deliver the continuous services when patching the security vulnerabilities in the kernel or userspace? With Oracle Ksplice, you simply apply the patch without rebooting, and running applications and processes are unaffected.
Usually you wait for the Linux provider to validate the specific number of Common Vulnerabilities and Exposures (CVE), and you wait for the patch with the security fixes from your Linux provider. Then you need to take a specific amount of downtime to patch vulnerability.
When you run a large cloud infrastructure to provide different services to many end users, the situation is even more severe. You have to take considerable amount time to coordinate the planned downtime in order to meet the security compliance.
For Oracle Cloud Infrastructure customers, Oracle Ksplice has been installed by default for Oracle Linux instances launched after Aug 25, 2017. For example, with the new instances of Oracle Linux 7.4 and Oracle Linux 6.9, all you need to do is to use uptrack-upgrade to apply the Ksplice update, and your Oracle Linux instance is up to date with all the latest security fixes.
For your private cloud deployment, you follow the instructions to install Ksplice Uptrack.
Once Ksplice Uptrack is installed, use uptrack-upgrade to manage Ksplice updates. In this example, one of my systems is running Oracle Linux 7.4 with the latest UEK Release 4.
# uptrack-upgrade Nothing to be done. Your kernel is fully up to date. Effective kernel version is 4.1.12-103.3.8.el7uek
My other system is running Oracle Linux 7.4 with Red Hat Compatible Kernel, which happened to have a few security updates available.
# uptrack-upgrade -y The following steps will be taken: Install [ttxccu8y] Clear garbage data on the kernel stack when handling signals. Install [5mxblk5t] Provide an interface to freeze tasks. Install [a3xzvifc] Memory leak in the Non Volatile Memory Express driver when releasing an IO buffer. Install [o1yci987] Use-after-free when disabling an IPSec tunnel. Install [at46n734] NULL pointer dereference in Chelsio Ethernet driver when setting up DMA queues. Installing [ttxccu8y] Clear garbage data on the kernel stack when handling signals. Installing [5mxblk5t] Provide an interface to freeze tasks. Installing [a3xzvifc] Memory leak in the Non Volatile Memory Express driver when releasing an IO buffer. Installing [o1yci987] Use-after-free when disabling an IPSec tunnel. Installing [at46n734] NULL pointer dereference in Chelsio Ethernet driver when setting up DMA queues. Your kernel is fully up to date. Effective kernel version is 3.10.0-693.2.1.el7
If you have Oracle Linux Premier Support subscriptions, you can log into status-ksplice.oracle.com to view the status of your registered systems, the patches that have been applied, and the patches that are available. You can also create access control groups for your registered systems.
For Oracle VM customers, you can visit My Oracle Support Document ID 2115501.1 - Oracle VM - Using Ksplice Uptrack.
For Oracle Exadata customers, you can visit My Oracle Support Document ID 2207063.1 - HOWTO: Install ksplice kernel updates for Exadata Database Nodes.
Watch the demo to learn more about Oracle Ksplice.