Livepatch

Differences between revisions 17 and 18
Revision 17 as of 2017-11-23 16:33:21
Size: 1761
Editor: alexmoldovan
Comment:
Revision 18 as of 2017-11-23 16:34:55
Size: 1760
Editor: alexmoldovan
Comment:
Deletions are marked like this. Additions are marked like this.
Line 11: Line 11:
When a Livepatch is released, it is announced as a LSN in the [[https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce|Ubuntu Security Announcements]] mailing list. If a high/critical Kernel CVE is not able to be livepatched, a LSN notice will still go out to describing why. A normal [[https://usn.ubuntu.com/usn/|Ubuntu security notice]] (USN) will be released with packages along side it. Subscribe to the mailing list to get notified of USN and Kernel Live Patch Security Notice (LSN) notifications. When a Livepatch is released, it is announced as a Kernel Live Patch Security Notice (LSN)in the [[https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce|Ubuntu Security Announcements]] mailing list. If a high/critical Kernel CVE is not able to be livepatched, a LSN notice will still go out to describing why. A normal [[https://usn.ubuntu.com/usn/|Ubuntu security notice]] (USN) will be released with packages along side it. Subscribe to the mailing list to get notified of USN and LSN notifications.

Overview

The Canonical Livepatch Service is Available to all Ubuntu Advantage customers, and also for personal use for free up to a maximum of three Ubuntu 16.04 LTS and 14.04 LTS systems. It updates your Ubuntu your systems with the highest and most critical security vulnerabilities, without requiring a reboot in order to take effect.

System Requirements

The Livepatch service is available for the generic flavour of the 64-bit Intel/AMD (aka, x86_64, amd64) builds of the Ubuntu 16.04 LTS (Xenial) kernel, which is a Linux 4.4 kernel, as well as Ubuntu 14.04 LTS running the Linux 4.4 Hardware Enablement kernel. It works with unmodified Ubuntu kernels on Ubuntu 16.04 LTS and 14.04 LTS Servers and Desktops, on physical machines, virtual machines, and in the cloud. As mentioned before, Ubuntu 14.04 LTS systems must use the Hardware Enablement kernel. Additionally, network access to the Canonical Livepatch Service (https://livepatch.canonical.com:443) and the latest version of snapd (at least 2.15) are needed.

How to get security notices for Livepatch

When a Livepatch is released, it is announced as a Kernel Live Patch Security Notice (LSN)in the Ubuntu Security Announcements mailing list. If a high/critical Kernel CVE is not able to be livepatched, a LSN notice will still go out to describing why. A normal Ubuntu security notice (USN) will be released with packages along side it. Subscribe to the mailing list to get notified of USN and LSN notifications.

FAQ

What kinds of updates will be provided by the Canonical Livepatch Service?

Kernel/Livepatch (last edited 2021-10-21 19:14:00 by nmavrogiannopoulos)