Livepatch

Revision 22 as of 2017-11-30 20:08:40

Clear message

Kernel Livepatch

This is a collection of notes and FAQs for the Canonical Livepatch Service. That page has a general introduction, data sheet and the ability to sign up for the service.

System Requirements

Ubuntu release

Arch

Kernel Version

Kernel Variants

Ubuntu 16.04 LTS

64-bit x86

4.4

GA generic and lowlatency kernel variants only

Ubuntu 14.04 LTS

64-bit x86

4.4

Hardware Enablement kernel only

Additionally, network access to the Canonical Livepatch Service (https://livepatch.canonical.com:443) and the latest version of snapd (at least 2.15) are needed.

Security Notices

Livepatch Security Notices (LSN) are only available by subscribing to the Ubuntu Security Announcements mailing list. LSNs will be released for:

  • Announcing a new livepatch.
  • An alert if a livepatch cannot be released describing why. In that event, a standard Ubuntu security notice (USN) will be released with packages along side it.

NOTE You must subscribe to the mailing list. The USN RSS Feed, CVE tracker, and other services do not know about Livepatch Security Notices.

FAQ

What kinds of updates will be provided by the Canonical Livepatch Service?

The Livepatch Service intends to address high and critical severity Linux kernel security vulnerabilities, as identified by Ubuntu Security Notices and the CVE tracker. Since there are limitations to the kernel livepatch technology, some Linux kernel code paths cannot be safely patched while running. There may be occasions when the traditional kernel upgrade and reboot might still be necessary.