Livepatch

Differences between revisions 19 and 21 (spanning 2 versions)
Revision 19 as of 2017-11-23 16:35:17
Size: 1761
Editor: alexmoldovan
Comment:
Revision 21 as of 2017-11-23 17:15:00
Size: 2314
Editor: alexmoldovan
Comment:
Line 1: Line 1:
= IN PROGRESS =
Line 11: Line 13:
When a Livepatch is released, it is announced as a Kernel Live Patch Security Notice (LSN) in the [[https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce|Ubuntu Security Announcements]] mailing list. If a high/critical Kernel CVE is not able to be livepatched, a LSN notice will still go out to describing why. A normal [[https://usn.ubuntu.com/usn/|Ubuntu security notice]] (USN) will be released with packages along side it. Subscribe to the mailing list to get notified of USN and LSN notifications. When a Livepatch is released, it is announced as a Kernel Live Patch Security Notice (LSN) in the [[https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce|Ubuntu Security Announcements]] mailing list. If a high/critical Kernel CVE is not able to be livepatched, a LSN notice will still go out to describing why. A normal [[https://usn.ubuntu.com/usn/|Ubuntu security notice]] (USN) will be released with packages along side it. Subscribe to the mailing list to get USN and LSN notifications.
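Review bot: in the revised paragraph, "a LSN notice will still go out to describing why" is still ungrammatical after this edit, and "LSN notice" repeats the word the acronym already ends in. Suggest "an LSN will still go out describing why". In the next sentence, "along side" should be "alongside".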
Line 15: Line 17:
== What kinds of updates will be provided by the Canonical Livepatch Service? == === What kinds of updates will be provided by the Canonical Livepatch Service? ===

The Livepatch Service intends to address high and critical severity Linux kernel security vulnerabilities, as identified by Ubuntu Security Notices and the [[https://people.canonical.com/~ubuntu-security/cve/|CVE]] tracker. Since there are limitations to the [[https://github.com/torvalds/linux/blob/master/Documentation/livepatch/livepatch.txt|kernel livepatch technology]], some Linux kernel code paths cannot be safely patched while running. There may be occasions when the traditional kernel upgrade and reboot might still be necessary.
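Review bot: the paragraph under the demoted heading says some code paths "cannot be safely patched while running" but does not tell the reader how they will find out when that applies. The notices section already states that an LSN is sent in that case, so a cross-reference to it here would close the gap. The kernel livepatch documentation link also targets "blob/master", which stops resolving if the file is moved or renamed upstream; linking to a tagged release would keep it stable.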

IN PROGRESS

Overview

The Canonical Livepatch Service is available to all Ubuntu Advantage customers, and also for personal use for free up to a maximum of three Ubuntu 16.04 LTS and 14.04 LTS systems. It applies fixes for the highest and most critical security vulnerabilities to your Ubuntu systems, without requiring a reboot in order to take effect.

System Requirements

The Livepatch service is available for the generic flavour of the 64-bit Intel/AMD (aka x86_64, amd64) builds of the Ubuntu 16.04 LTS (Xenial) kernel, which is a Linux 4.4 kernel, as well as Ubuntu 14.04 LTS running the Linux 4.4 Hardware Enablement kernel. It works with unmodified Ubuntu kernels on Ubuntu 16.04 LTS and 14.04 LTS Servers and Desktops, on physical machines, virtual machines, and in the cloud. As noted above, Ubuntu 14.04 LTS systems must use the Hardware Enablement kernel. Additionally, network access to the Canonical Livepatch Service (https://livepatch.canonical.com:443) and the latest version of snapd (at least 2.15) are needed.
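A preflight check for the requirements listed above, as an added example that is not part of the original page or of Canonical's tooling. The function names are hypothetical, and the check assumes `uname -r` reports the flavour as a `-generic` suffix and that `snap version` prints a `snapd` line; it does not test network access to the service.

```shell
#!/usr/bin/env bash
# Added example: checks a host against the Livepatch requirements on this page.
# Function names are hypothetical; nothing here contacts the Livepatch service.

# ver_ge A B: succeeds when version A >= B (GNU sort -V, so 2.9 < 2.15).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# livepatch_preflight ARCH KERNEL_RELEASE UBUNTU_RELEASE SNAPD_VERSION
# Prints one line per unmet requirement; returns 0 only when all are met.
livepatch_preflight() {
    local arch="$1" krel="$2" distro="$3" snapd="$4" rc=0
    [ "$arch" = "x86_64" ] || { echo "FAIL arch: $arch (need x86_64/amd64)"; rc=1; }
    case "$distro" in
        16.04|14.04) ;;
        *) echo "FAIL release: $distro (need 16.04 LTS or 14.04 LTS)"; rc=1 ;;
    esac
    # 14.04 passes only on the 4.4 Hardware Enablement kernel, which this
    # pattern also covers; assumes the flavour appears as a release suffix.
    case "$krel" in
        4.4.*-generic) ;;
        *) echo "FAIL kernel: $krel (need the 4.4 generic flavour)"; rc=1 ;;
    esac
    if [ -z "$snapd" ] || ! ver_ge "$snapd" 2.15; then
        echo "FAIL snapd: '$snapd' (need at least 2.15)"; rc=1
    fi
    return "$rc"
}

# Gather live values only when invoked with --live, so sourcing stays offline.
if [ "${1:-}" = "--live" ]; then
    livepatch_preflight "$(uname -m)" "$(uname -r)" \
        "$(lsb_release -rs 2>/dev/null)" \
        "$(snap version 2>/dev/null | awk '$1 == "snapd" {print $2}')" \
        && echo "OK: host meets the listed Livepatch requirements"
fi
```

Run it with `--live` on the host being checked; a missing snapd shows up as an empty version and fails the last check.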

How to get security notices for Livepatch

When a Livepatch is released, it is announced as a Kernel Live Patch Security Notice (LSN) in the Ubuntu Security Announcements mailing list. If a high/critical Kernel CVE is not able to be livepatched, an LSN will still go out describing why. A normal Ubuntu security notice (USN) will be released with packages alongside it. Subscribe to the mailing list to get USN and LSN notifications.

FAQ

What kinds of updates will be provided by the Canonical Livepatch Service?

The Livepatch Service intends to address high and critical severity Linux kernel security vulnerabilities, as identified by Ubuntu Security Notices and the CVE tracker. Since there are limitations to the kernel livepatch technology, some Linux kernel code paths cannot be safely patched while running. There may be occasions when the traditional kernel upgrade and reboot might still be necessary.

azzar1/Kernel/Livepatch (last edited 2019-01-29 15:51:42 by azzar1)