Friday, May 26, 2017

KSplice Uptrack - kernel updating is necessary, not optional

Even on Black Lab Linux, with its ever-vigilant development squad.
KSplice is an Oracle utility, primarily designed for Linux servers that need frequent patching but can't afford even the the momentary downtime of a reboot.
Roberto J. Dohnert has incorporated this utility at the desktop level to give the desktop user of his Enterprise Desktop a similar ability to update-minus-reboot. I'm using an earlier IoT (InternetofThings) build optimized for single-board systems, which doesn't include KSplice by default. So to install it, I downloaded the .deb from this link and installed it using Gdebi :

After installation, launch the program and from the Accessories -> System submenu in Xfce or Accessories menu in MATE, System Tools submenu. You will be prompted to enter the admin / sudo password and KSplice will begin searching its database :

After installation completes, the utility will open and show available updates to the kernel. Detailed view shows recent patches such as CVE-2017-7308, memory corruption in AF_PACKET socket options. The last sentence in the description of the Common Vulnerability Exposure is cuts to the heart of the matter "A local user could this flaw to elevate privileges." More information can be found here and  here. Linux, because of its basic security model, is a more hardened platform than Windows, but privilege-escalation exploits are the most persistent threat that a Linux server admin or (less likely) desktop user faces. And this is the end result :

Check out Black Lab, it's stable, well-designed and secure. And if you're using a different distro, download KSplice here. Linux has a smaller attack surface, and the average user is unlikely to be hacked, but ransomware and malware are constantly changing threats whose vector can't be anticipated; secure now doesn't necessarily mean secure always.

No comments:

Welcome to PC/OpenSystems LLC

PC/OpenSystems LLC. is dedicated to providing top customer service including integration, providing Linux compatible hardware and enterprise desktop software solutions. We provide solutions tailored to your needs whether its building systems to suit your needs. Whether its a custom database solution, providing Linux powered PC and Server Solutions. Whatever you need you can rest assured that PC/OpenSystems LLC. will deliver a high performance and stable product

PC/OpenSystems LLC. Web Search

About PC/OpenSystems LLC.

PC/OpenSystems LLC. is a small consulting firm and the only Linux retailer in NC for Linux PC's and custom systems located in Franklinton North Carolina. We specialize in hardware repair and we resell custom Linux based computers, software maintenance as well as custom application development.