Zero-downtime Linux kernel patching with Oracle Ksplice Uptrack

1. Introduction to zero-downtime updates on Oracle Linux

A Linux kernel upgrade is a major change: traditionally it meant stopping the applications and rebooting the operating system. Oracle now lets Linux apply kernel and security patches dynamically within a second, with zero downtime and no interruption to the applications. This is achieved with Ksplice Uptrack.

Oracle markets this technology as the power behind "Unbreakable", and it does indeed let Oracle Linux keep running indefinitely, much like UNIX, if hardware failures are left aside. Oracle acquired this product rather than building it, but however it came about, it is a good thing and worth using.

2. Installing Ksplice Uptrack

2.1 Downloading Ksplice Uptrack

Reference download URL:

https://www.ksplice.com/yum/uptrack/ol/ksplice-uptrack-release.noarch.rpm

2.2 Installing Ksplice Uptrack

Two steps are needed:

# rpm -ivh ksplice-uptrack-release.noarch.rpm

# yum -y install uptrack

 

3. Creating a Ksplice Uptrack key

1) Log in at https://status-ksplice.oracle.com and choose "I need to create my Oracle SSO account." to create an account for accessing updates.ksplice.com. The page reads:

Oracle Ksplice System Status

This interface is now using Oracle SSO accounts for authentication. Oracle's SSO accounts will allow you to have a single username and password for most Oracle services.

If you received your Access Key from ULN, you do not have to do anything. Use the link below to log in with your Oracle account.

If you are a legacy Ksplice customer and do not yet have an Oracle account, you will need to create one before you can log in. Your Oracle account must use an email address that is associated with your Ksplice account. Contact Ksplice Support if you have questions.

I need to create my Oracle SSO account.

I am ready to log in with my Oracle SSO account.

Since I have a MOS account, I chose "I am ready to log in with my Oracle SSO account."

2) After logging in, find the following on the page:

Red Hat and Oracle Linux Users

Oracle Linux and Red Hat Enterprise Linux users can try Ksplice free for 30 days. You can start your trial and experience zero-downtime updates in just a few minutes.

Click "try Ksplice free for 30 days" to create a 30-day trial Ksplice ID.

3) Once the trial account has been created, return to the page below, which contains a Ksplice ID (d104ba79e80621e774156e582fbafb9ae3b5e793f65a0b55a8e22dca0c35599d):

Installation instructions

To install Ksplice Uptrack, please run the following commands as root:

wget -N https://www.ksplice.com/uptrack/install-uptrack
sh install-uptrack d104ba79e80621e774156e582fbafb9ae3b5e793f65a0b55a8e22dca0c35599d
uptrack-upgrade -y

If you'd like Ksplice Uptrack to automatically install updates as they become available, run:

sh install-uptrack d104ba79e80621e774156e582fbafb9ae3b5e793f65a0b55a8e22dca0c35599d --autoinstall

in place of the above install-uptrack command, or set "autoinstall = yes" in /etc/uptrack/uptrack.conf after installation.

 

4) Configuring Ksplice Uptrack

Put the Ksplice ID you obtained into /etc/uptrack/uptrack.conf, as follows:

accesskey = d104ba79e80621e774156e582fbafb9ae3b5e793f65a0b55a8e22dca0c35599d

4. Manual update

4.1 Fetching the latest list of updates

[root@ol6u612csingle soft]# uptrack-upgrade -n

Effective kernel version is 3.8.13-44.1.1.el6uek

The following steps will be taken:

Install [b9hqohyk] CVE-2014-5077: Remote denial-of-service in SCTP on simultaneous connections.

Install [kciixaoz] CVE-2014-3535: NULL pointer dereference in VxLAN packet logging.

Install [h5wecdm3] CVE-2014-3601: Denial-of-service in KVM page mapping.

Install [wchzb3dy] CVE-2014-4654, CVE-2014-4655: Missing validity checks in ALSA user controls.

Install [rknjux2h] CVE-2014-4653: Use after free in ALSA card controls.

Install [d16cfimj] CVE-2014-3611: Denial-of-service in KVM emulated programmable interval timer.

Install [1emd9koe] CVE-2014-3184: Invalid memory write in HID drivers.

Install [5tskivrn] CVE-2014-3185: Memory corruption in USB serial WhiteHEAD device driver.

Install [hncvf9bv] CVE-2014-3645 and CVE-2014-3646: KVM guest denial-of-service when using invalid opcodes.

Install [52rg9ul0] CVE-2014-3687: Remote denial-of-service in SCTP stack.

Install [ztshz6k2] CVE-2014-3673: Remote denial-of-service in SCTP stack.

Install [lrse39k8] Cluster deadlock during journal commit in OCFS2 filesystem.

Install [0q7yyk3e] I/O errors and spurious warning in BladeEngine 2 iSCSI driver.

Install [2c46e7uo] Device hang during cleanup in BladeEngine 2 iSCSI driver.

Install [54m33sa5] Invalid memory free when setting management address in BladeEngine 2 iSCSI driver.

Install [u84c5rdk] Use-after-free in netfilter xtables when copying counters to userspace.

Install [1ysj0myg] Soft lockup in huge page code when releasing huge TLB pool.

Install [1tmng4zr] Deadlock in USB serial driver when unloading the module.

Install [85dp2g0m] Divide-by-zero in TCP cubic congestion algorithm when computing delayed ack.

Install [ui0cnkoy] NULL pointer dereference in IPv6 netlink validation callback.

Install [i7ghh69t] Memory corruption when accessing a huge TLB of a copy-on-write page.

Install [9k103dsh] NULL pointer dereference in the filesystem stack when checking ACL.

Install [br4ufjly] Kernel panic in NFSv4 client allocation.

Install [fdfa54l8] Kernel crash in timer callback when destroying NFSv4 client.

Install [7gx1bcjz] Kernel BUG() in NFS daemon when setting ACL with no entries.

Install [u2vg2kgk] Use-after-free in NFSv4 daemon kernel implementation when releasing a state ID.

Install [7d42vydf] Use-after-free in libceph when sending pages over TCP.

Install [pfmujcbk] Use-after-free in memory management subsystem when releasing a VMA.

Install [n3efh5gv] CVE-2014-4014: Privilege escalation in user namespace.

Install [atq4edlz] NULL pointer dereference in Target Core Mod when reading from sysfs.

Install [dudt5tfl] Use-after-free in UDP stack in the fast transmit path.

Install [40dpjn5l] Kernel crash after freeing anonymous pages in memory management subsystem.

Install [3fqg40hl] Potential data corruption with memory-mapped files on Ext4 filesystem.

Install [opwwaxl3] Denial-of-service in EXT4 block allocation.

Install [wywz2vbx] Information leak in mcp ram disk.

Install [rcgt2rrp] Use-after-free in BTRFS extent writing.

Install [he9669oj] NULL pointer dereference in BTRFS device removal.

Install [68m9g9lg] Use-after-free in Micro PCIe SSDs block driver when unloading the module.

Install [t5456c7a] Memory leak in NFS filesystem when releasing a lock stateid.

Install [gl3fc7o0] Kernel panic in IP virtual server netfilter.

Install [huyperc4] Information leak in netfilter ULOG module.

Install [mp9z0fh3] Kernel crash in virtio scsi workqueue.

Install [wdc6hcga] NULL pointer dereference when probing non-FTDI devices.

Install [l6xoq5ft] Denial-of-service with TKIP on Ralink USB devices.

Install [yyefbwqc] Multiple denial-of-service problems in bluetooth code.

Install [6xv38tw8] Invalid memory reference in NFSv4 symlink decoding.

Install [ii44mo5l] Kernel panic during hugepage migration.

Install [y9anoniw] Use-after-free in mbind vma merge.

Install [i0pc6i0y] Multiple journal corruptions in the ext4 filesystem.

Install [0qifgsi6] CVE-2014-4171: Denial-of-service in shared memory when faulting into a hole while it‘s punched.

Install [8iczbx45] Memory leak in 8021q stack when re-ordering vlan headers.

Install [g64hrxp3] NULL pointer dereference in Broadcom BN2X ethernet driver under memory pressure.

Install [bsa434sc] Denial-of-service in TCP stack when pushing during TCP repair.

Install [d8vwuqeg] Information leak in the stream control transmission protocol stack.

Install [xs28o0u9] Out of bounds memory access in the DNS resolver when querying.

Install [kn3c2903] Memory leak in the Radeon display driver when retrieving the display modes.

Install [ehlv43kn] NULL pointer dereference in block control group queue draining.

Install [r8rkz947] Incorrect SELinux label in cryptographic sockets.

Install [tyk3fqid] NULL pointer dereference in 802.11 event tracing.

Install [sqohae2b] Deadlock in clockevent delta modification.

Install [zqvxy8qh] Kernel crash in Broadcom BNX2X driver during TCP offload.

Install [7a94z6c2] Denial-of-service in network sendmsg() calls.

Install [zsqnfrj5] Invalid memory access in network vectored I/O.

Install [bmxkb08h] Soft lockup after vcpu hot-remove in Xen PVM/HVM guests.

Install [t5nq18kr] Memory corruption XFS filesystem resizing.

Install [y5jfvo0v] Kernel crash when sending message in Oracle VM guest messaging driver.

Install [odnb5rlr] Memory leak in Oracle VM guest messaging driver.

Install [8urehj5h] Kernel oops when running out of Xen grant references

Install [4q3ev9x6] Memory leak when initialising ports in BladeEngine 2 iSCSI driver.

Install [f43vqxka] Memory corruption during device probing in BladeEngine 2 iSCSI driver.

Install [inim1x21] Kernel panic during BladeEngine 2 iSCSI adapter initialization.

Install [fkoxifyg] NULL pointer dereference during HP Smart Array SCSI device initialization.

Install [agwmhor4] Kernel BUG for 256-block data transfers in HP Smart Array SCSI driver.

Install [6gzs0lyj] Kernel hang in Broadcom Tigon3 ethernet driver.

Install [eofko4wq] Use-after-free in tg3 network driver stats.

Install [6khjynhq] Kernel hang in Broadcom NX2 network driver.

Install [fn3tyq9s] Kernel crash when receiving network event in Broadcom CNIC driver.

Install [upmz129f] Information leak in Broadcom Everest network driver.

Install [jxbttwug] Memory leak when removing Broadcom Everest network interface.

Install [epfpat8q] Fatal hardware error in Broadcom Everest network driver.

Install [vx3ofybf] Endless stream of errors when unloading Broadcom Everest network device.

Install [pcno7ml0] Kernel crash after EEH recovery in Broadcom Everest network driver.

Install [57e9xvte] NULL pointer dereference in Broadcom NetXtreme II driver.

Install [nya6gjqp] Memory leak in Broadcom NetXtreme II driver.

Install [7fcc82h2] Kernel crash in Broadcom NetXtreme II driver.

Install [5maph0zo] CVE-2014-3181: Memory corruption in Apple Magic Mouse USB driver.

Install [a2gzq71y] Kernel BUG during Emulex BladeEngine 2 network device shutdown.

Install [if2icqz4] Buffer overrun using Large Receive Offload in Mellanox VNIC driver.

Install [pfvhgt44] Second cluster deadlock during journal commit in OCFS2 filesystem.

Install [8yahm6zn] NULL pointer dereference during zero page writeback in OCFS2 filesystem.

Install [w0ycqxuw] Deadlock during port logins in Qlogic QLA2XXXX Fibre Channel driver.

Install [zaztb2k6] NULL pointer dereference in Qlogic QLA2XXXX Fibre Channel driver.

Install [f5vv1aiv] Stack corruption in Qlogic QLA2XXXX Fibre Channel driver.

Install [opaks6nn] Kernel crash during Qlogic QLA2XXXX Fibre Channel firmware loading.

Install [rcr2fwfu] Random timeouts in Qlogic QLCNIC SR-IOV network device.

Install [x8vi7jg6] Kernel crash during open() in Qlogic QLCNIC network device.

Install [0etwovum] Memory corruption in Qlogic QLCNIC network device when reporting statistics.

Install [nc78thrs] Multiple memory leaks in RPC over RDMA client support.

Install [raxlbhze] NULL pointer dereference during reconnect in RPC over RDMA client support.

Install [m494iulb] NULL pointer dereference in RPC over RDMA client support during GETACL request.

Install [1elo7qvy] Kernel crash during DMA in RPC over RDMA client driver.

Install [9o4ytjzs] Deadlock during filesystem removal in NVM Express block device driver.

Install [arw9264e] Invalid memory read in NVM Express block device I/O submission ioctl.

Install [j77dx1ko] Information leak in NVM Express block device ioctl.

Install [f8quvybg] Memory corruption when deleting NVM Express block device disks.

Install [g848xamo] NULL pointer dereference when closing connection in Emulex BladeEngine 2 driver.

Install [k0nkwglw] Kernel panic during shutdown in Emulex BladeEngine 2 driver.

Install [4109xiro] Kernel crash during Emulex LightPulse Fibre Channel driver unload.

Install [p4x4i1k0] Kernel panic in Emulex LightPulse Fibre Channel driver when aborting SCSI command.

Install [heiiom49] SLI data corruption in Emulex LightPulse Fibre Channel driver.

Install [xibjfk0h] Memory leak during HBA reset in Emulex LightPulse Fibre Channel driver.

Install [40nibjqs] Use of uninitialized memory during bitmap init in Emulex LightPulse Fibre Channel driver.

Install [a6rup16y] Kernel crash when shutting down QLogic NetXen ethernet adapter.

Install [3cz8j2j4] Device hang when shutting down QLogic NetXen ethernet adapter.

Install [h2ts58f6] CVE-2014-3688: Remote denial-of-service in SCTP stack by memory exhaustion.

Install [swq3mpuy] CVE-2014-3186: Memory corruption in PicoLCD USB driver.

Install [9og9y18j] CVE-2014-4652: Arbitrary memory disclosure in ALSA user controls.

Install [7eb3d34w] CVE-2014-4027: Information leak in iSCSI Target ramdisk transport.

Install [xj8ix80y] CVE-2014-4656: ALSA Control ID overflow.

Install [ba9k5rfj] CVE-2014-3182: Invalid memory read in HID Logitech driver.

Install [vtujkei9] CVE-2014-6410: Denial of service in UDF filesystem parsing.

Install [906qltr0] CVE-2014-9090, CVE-2014-9322: Privilege escalation in double-fault handling on bad stack segment.

Install [oz33swxn] CVE-2014-5471, CVE-2014-5472: Privilege escalation in ISO filesystem implementation.

[root@ol6u612csingle soft]#

This step takes a fair while. Above, 123 patches were found for Oracle Linux 6.6, including 3 that fix kernel BUGs, so patching Linux is clearly necessary.

4.2 Installing the patches manually

1) Check the current kernel version

# uptrack-show

Installed updates:

None

 

Effective kernel version is 3.8.13-44.1.1.el6uek

2) List the patches available to apply

# uptrack-show --available

Available updates:

[b9hqohyk] CVE-2014-5077: Remote denial-of-service in SCTP on simultaneous connections.

……

[oz33swxn] CVE-2014-5471, CVE-2014-5472: Privilege escalation in ISO filesystem implementation.

 

Effective kernel version is 3.8.13-44.1.1.el6uek

3) Install the patches

# uptrack-upgrade -y

 

4) After the upgrade, check the installed patches and the kernel version again

# uptrack-show

Installed updates:

[b9hqohyk] CVE-2014-5077: Remote denial-of-service in SCTP on simultaneous connections.

……

[oz33swxn] CVE-2014-5471, CVE-2014-5472: Privilege escalation in ISO filesystem implementation.

Effective kernel version is 3.8.13-55.1.2.el6uek

The effective kernel version has moved from "Effective kernel version is 3.8.13-44.1.1.el6uek" to "Effective kernel version is 3.8.13-55.1.2.el6uek".

5. Configuring automatic installation of Ksplice Uptrack updates

In /etc/uptrack/uptrack.conf the autoinstall parameter defaults to no; change it to yes, as follows:

autoinstall = yes
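As an added example (not Oracle's code), a small POSIX shell checker for the two settings above, accesskey and autoinstall, to run before enabling automatic installs. It assumes the key = value layout shown on this page and treats an access key as 64 lowercase hex characters, as the one on this page is; the permission warning is a recommendation of this example, since the key is what authenticates the host to the update service.

```shell
#!/bin/sh
# Added example, not part of Oracle's Uptrack tooling: check /etc/uptrack/uptrack.conf
# before turning on autoinstall. Assumes the "key = value" layout shown on this page
# and that an access key is 64 lowercase hex characters (an assumption from the page's key).

# conf_get FILE KEY -> value of the last "KEY = value" line (empty if absent)
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_conf FILE -> 0 when accesskey and autoinstall look sane, 1 otherwise;
# reasons go to stderr. Also warns when the key file is readable by other users.
check_conf() {
    rc=0
    key=$(conf_get "$1" accesskey)
    auto=$(conf_get "$1" autoinstall)
    case "$key" in
        "" | *[!0-9a-f]*) echo "accesskey: missing or not lowercase hex" >&2; rc=1 ;;
    esac
    [ "${#key}" -eq 64 ] || { echo "accesskey: expected 64 hex chars, got ${#key}" >&2; rc=1; }
    case "$auto" in
        yes | no) ;;
        *) echo "autoinstall: must be yes or no, got '$auto'" >&2; rc=1 ;;
    esac
    # The key authenticates this host to the update service; keep it out of other users' reach.
    if [ -n "$(find "$1" -perm /044 2>/dev/null)" ]; then
        echo "warning: $1 is readable by group/other" >&2
    fi
    return $rc
}

# Constructed sample configs (the key is the example key shown on this page)
tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT
printf 'accesskey = d104ba79e80621e774156e582fbafb9ae3b5e793f65a0b55a8e22dca0c35599d\nautoinstall = yes\n' > "$tmp"
check_conf "$tmp" && echo "$tmp: ok"
printf 'accesskey = deadbeef\nautoinstall = maybe\n' > "$tmp"
check_conf "$tmp" || echo "$tmp: rejected"
```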

 

6. Difference between the version reported by uptrack-uname and by uname

6.1 Comparing the two ways of checking the kernel version

(1) Effective version as reported by uptrack-uname

[root@ol6u612csingle ~]# uptrack-uname -a

Linux ol6u612csingle 3.8.13-55.1.2.el6uek.x86_64 #2 SMP Thu Dec 18 00:15:51 PST 2014 x86_64 x86_64 x86_64 GNU/Linux

(2) Version as reported by uname -a

[root@ol6u612csingle ~]# uname -a

Linux ol6u612csingle 3.8.13-44.1.1.el6uek.x86_64 #2 SMP Wed Sep 10 06:10:25 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux

 

6.2 Why uptrack-uname and uname -a report different versions

uptrack-uname

Ksplice Uptrack does not change the output of uname, and uname will continue to reflect the version of the kernel into which a machine was booted.

Instead, once you install updates, use uptrack-uname to see what effective kernel a machine is running. uptrack-uname has the same format as uname and supports the common uname flags, including -r and -a.

Before installing updates, the original kernel and effective kernel are the same, and uname and uptrack-uname report the same information:

After installing updates, uptrack-uname reflects the updated running kernel:

In other words, uptrack-uname shows the effective kernel that is actually running, while uname shows the version of the kernel that was booted from disk.

6.3 Suggestion for keeping the two consistent

Ksplice Uptrack updates your running kernel in memory. We recommend that, in addition to using Ksplice, you continue to use your package manager to update the kernel on disk as new kernels become available. That way, if a reboot becomes necessary (e.g. power loss or a hardware upgrade) you have the option of booting into a newer kernel. Under this plan, you would install all the updates available via both Ksplice Uptrack and your package manager.

So Ksplice Uptrack updates the kernel currently running in memory (this remains in effect after a server reboot, because at boot Linux automatically re-runs the in-memory kernel update). It is recommended to also install the patches manually by the patch-upgrade method; no reboot is needed after installation, and this keeps the version numbers reported by Ksplice Uptrack and by uname -a consistent.
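An added example, not part of Oracle's tooling, that applies the advice above: it compares the booted kernel (uname -r), the effective kernel (uptrack-uname -r) and the newest kernel-uek package on disk, and warns when a reboot would land on a kernel older than the one Ksplice is effectively running. The rpm -q kernel-uek output format and the audit_live helper are assumptions; the sample versions are the ones shown on this page.

```shell
#!/bin/sh
# Added example, not Oracle's tooling: compare the booted kernel (uname -r), the effective
# kernel (uptrack-uname -r) and the newest kernel-uek package on disk (rpm -q kernel-uek).
# vercmp A B -> -1, 0 or 1, comparing the numeric fields of release strings such as
# 3.8.13-44.1.1.el6uek (runs of non-digits are separators, so "el6uek" counts as 6)
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}
# kernel_state BOOTED EFFECTIVE -> unpatched | patched | unexpected
kernel_state() {
    case $(vercmp "$1" "$2") in
        0)  echo unpatched ;;   # no live patches applied yet
        -1) echo patched ;;     # Ksplice moved the running kernel past the booted one
        *)  echo unexpected ;;  # effective older than booted: investigate
    esac
}
# newest_on_disk RPM_OUTPUT -> highest release among "kernel-uek-<release>.<arch>" lines (assumed format)
newest_on_disk() {
    best=""
    for pkg in $1; do
        rel=${pkg#kernel-uek-}; rel=${rel%.x86_64}
        if [ -z "$best" ] || [ "$(vercmp "$rel" "$best")" -eq 1 ]; then best=$rel; fi
    done
    echo "$best"
}
# disk_lags EFFECTIVE RPM_OUTPUT -> true when a reboot would land on an older kernel
disk_lags() {
    [ "$(vercmp "$(newest_on_disk "$2")" "$1")" -eq -1 ]
}
# audit_live: run on a real Uptrack host (hypothetical helper); prints a summary and warns on drift
audit_live() {
    command -v uptrack-uname >/dev/null 2>&1 || { echo "uptrack-uname not found" >&2; return 2; }
    booted=$(uname -r); effective=$(uptrack-uname -r)
    echo "booted=$booted effective=$effective state=$(kernel_state "$booted" "$effective")"
    disk_lags "$effective" "$(rpm -q kernel-uek)" && echo "WARNING: on-disk kernel-uek is older; update it with yum"
}

# Constructed sample from this page's versions (the rpm line is assumed)
SAMPLE_RPM='kernel-uek-3.8.13-44.1.1.el6uek.x86_64'
kernel_state 3.8.13-44.1.1.el6uek 3.8.13-55.1.2.el6uek    # patched
disk_lags 3.8.13-55.1.2.el6uek "$SAMPLE_RPM" && echo "on-disk kernel lags behind the effective kernel"
```

Run audit_live on a host with Uptrack installed to get the same comparison for the live system.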

 

7. Viewing the upgraded system's update information on the Oracle Ksplice website

Under "System Status" on https://status-ksplice.oracle.com, the upgrade status of the system has been recorded, as shown below:

Group: (none)

Machine: ol6u612csingle (192.168.2.190)

Status: Up to date! (123 installed)

Auto install: Yes

Kernel product: Oracle Unbreakable Enterprise Kernel 3

Original Kernel: 3.8.13-44.1.1.el6uek

Effective Kernel: 3.8.13-55.1.2.el6uek

Uptrack version: 1.2.12

About the author: Li Junjie (online handle: Caidian), who works on systematic performance optimization across six layers: system architecture, operating system, storage devices, database, middleware and application.

You are welcome to join the System Performance Optimization professional group to discuss performance tuning techniques. Group number: 258187244

