Livepatch

Differences between revisions 14 and 17 (spanning 3 versions)
Revision 14 as of 2017-11-23 15:09:18
Size: 1358
Editor: alexmoldovan
Comment:
Revision 17 as of 2017-11-23 16:33:21
Size: 1761
Editor: alexmoldovan
Comment:
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
= System Requirements = == System Requirements ==
Line 7: Line 7:
The Livepatch service is available for the generic flavour of the 64-bit Intel/AMD (aka, x86_64, amd64) builds of the Ubuntu 16.04 LTS (Xenial) kernel, which is a Linux 4.4 kernel, as well as Ubuntu 14.04 LTS running the Linux 4.4 [[https://wiki.ubuntu.com/Kernel/LTSEnablementStack|Hardware Enablement kernel]]. It works on Ubuntu 16.04 LTS and 14.04 LTS Servers and Desktops, on physical machines, virtual machines, and in the cloud. As mentioned before, Ubuntu 14.04 LTS systems must use the Hardware Enablement kernel. The Livepatch service is available for the generic flavour of the 64-bit Intel/AMD (aka, x86_64, amd64) builds of the Ubuntu 16.04 LTS (Xenial) kernel, which is a Linux 4.4 kernel, as well as Ubuntu 14.04 LTS running the Linux 4.4 [[https://wiki.ubuntu.com/Kernel/LTSEnablementStack|Hardware Enablement kernel]]. It works with unmodified Ubuntu kernels on Ubuntu 16.04 LTS and 14.04 LTS Servers and Desktops, on physical machines, virtual machines, and in the cloud. As mentioned before, Ubuntu 14.04 LTS systems must use the Hardware Enablement kernel. Additionally, network access to the Canonical Livepatch Service (https://livepatch.canonical.com:443) and the latest version of snapd (at least 2.15) are needed.
Line 9: Line 9:
= How to get security notices for Livepatch = == How to get security notices for Livepatch ==
Line 11: Line 11:
in progress: Subscribe to the [[https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce|security-announce]] mailing list. When a Livepatch is released, it is announced as a LSN in the [[https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce|Ubuntu Security Announcements]] mailing list. If a high/critical Kernel CVE is not able to be livepatched, a LSN notice will still go out to describing why. A normal [[https://usn.ubuntu.com/usn/|Ubuntu security notice]] (USN) will be released with packages along side it. Subscribe to the mailing list to get notified of USN and Kernel Live Patch Security Notice (LSN) notifications.
Line 13: Line 13:
= FAQ = == FAQ ==
Line 15: Line 15:
== What other requirements are needed? ==
Using an unmodified Ubuntu kernel and network access to the Canonical Livepatch Service (https://livepatch.canonical.com:443). You also will need to apt update/upgrade to the latest version of snapd (at least 2.15).
== What kinds of updates will be provided by the Canonical Livepatch Service? ==

Overview

The Canonical Livepatch Service is Available to all Ubuntu Advantage customers, and also for personal use for free up to a maximum of three Ubuntu 16.04 LTS and 14.04 LTS systems. It updates your Ubuntu your systems with the highest and most critical security vulnerabilities, without requiring a reboot in order to take effect.

System Requirements

The Livepatch service is available for the generic flavour of the 64-bit Intel/AMD (aka, x86_64, amd64) builds of the Ubuntu 16.04 LTS (Xenial) kernel, which is a Linux 4.4 kernel, as well as Ubuntu 14.04 LTS running the Linux 4.4 Hardware Enablement kernel. It works with unmodified Ubuntu kernels on Ubuntu 16.04 LTS and 14.04 LTS Servers and Desktops, on physical machines, virtual machines, and in the cloud. As mentioned before, Ubuntu 14.04 LTS systems must use the Hardware Enablement kernel. Additionally, network access to the Canonical Livepatch Service (https://livepatch.canonical.com:443) and the latest version of snapd (at least 2.15) are needed.

How to get security notices for Livepatch

When a Livepatch is released, it is announced as a LSN in the Ubuntu Security Announcements mailing list. If a high/critical Kernel CVE is not able to be livepatched, a LSN notice will still go out to describing why. A normal Ubuntu security notice (USN) will be released with packages along side it. Subscribe to the mailing list to get notified of USN and Kernel Live Patch Security Notice (LSN) notifications.

FAQ

What kinds of updates will be provided by the Canonical Livepatch Service?

azzar1/Kernel/Livepatch (last edited 2019-01-29 15:51:42 by azzar1)