Choosing a Ksplice Client
You have the option to choose between the Ksplice Enhanced Client and the Ksplice Uptrack Client.
Table 2-1 Features Supported by Each Ksplice Client
| Ksplice Client | User Space Support | x86_64 Support | Arm (aarch64) Support | Known Exploit Detection Support | Legacy Compatibility (Pre-acquisition customers) |
|---|---|---|---|---|---|
|
Ksplice Enhanced Client |
Supported |
Supported |
Supported |
Supported on x86_64 platform only |
Not supported |
|
Ksplice Uptrack Client |
Not supported |
Supported |
Supported |
Not supported |
Supported |
For legacy compatibility, Oracle continues to support kernels for various Linux distributions for pre-acquisition customers. For more information, see https://ksplice.oracle.com/legacy#supported-kernels.
About the Ksplice Enhanced Client
The Ksplice Enhanced Client provides more functionality than the Ksplice Uptrack Client.
In addition to the kernel updates that are applied by the Uptrack Client, the Enhanced Client
can patch in-memory pages for the Ksplice-aware glibc and
openssl shared libraries for user space processes. User space patching can
install bug fixes and protect the system against security vulnerabilities without restarting
processes and services.
Key features of the Enhanced Client include:
- Kernel and user space updates (the Uptrack Client only supports kernel updates)
- Known exploit detection
- Online and offline mode
- Use of the
ksplicecommand
Note:
The Enhanced Client shares the same configuration file as the Uptrack Client, which is the /etc/uptrack/uptrack.conf file. For more information about this file, see unresolvable-reference.html#ol_ksplice_config.
About the Ksplice Uptrack Client
Ksplice Uptrack can apply the latest kernel security errata for Common Vulnerabilities and Exposures (CVEs) without halting the system or restarting any applications. Ksplice Uptrack applies the updated patches in the background with negligible impact, and only requires a pause of a few milliseconds.
Key features of the Uptrack Client include:
- Kernel updates (to also apply user space updates, consider the Ksplice Enhanced Client instead)
- Online and offline mode
- Use of the
uptrackcommand
About Ksplice Offline Mode
You can use either the Ksplice Enhanced Client or Ksplice Uptrack Client in offline mode. The
offline version doesn't require a direct connection to the Oracle Uptrack server or to ULN.
For example, you could use the yum command to install an update package
directly from a memory stick. However, a more typical method would be to configure a local ULN mirror that acts as a mirror for the
Ksplice-aware ULN channels. Then, you can configure systems to receive yum
and Ksplice updates.
Oracle bundles all available Ksplice updates for each supported kernel version or user space package into an RPM that's specific to that version. Oracle updates this package every time a new Ksplice patch becomes available for the kernel. You can download the latest Ksplice update packages to the local ULN server periodically. Then, the Ksplice server can connect to the local server to receive updates without requiring direct access to the Oracle Uptrack server.
Offline mode doesn't support:
- Ksplice web interface
- Ksplice Uptrack API
Important:
If you have booted the most recent available kernel and no Ksplice updates are available, an offline update RPM for that kernel might not yet exist. Offline update RPMs are made available shortly after the kernel releases. However, these RPMs might require more time to synchronize with the local repository that you have set up.
For more information, see: