Feb 14, 2008  More like this: Linux Kernel v2.6 Local Root Exploit vmsplice Found; Ksplice: Patch The Linux Kernel Without Rebooting System; FreeBSD Kernel.

Most Solaris recomended patch clusters come in either 32- or 64-bit versions. How do you find out which one is appropriate for your platform. Use the isainfo command.

The kernel upgrade activity was completed on UNIX, Linux environment. The steps will be similar as on Windows environment – the differences will be the kernel.

Yesterday, I wrote about a serious Linux kernel bug and fix. However, few readers like to know about patching running Linux kernel. Patching production kernel is a risky business. Following procedure will help you to fix the problem. Step 1: Make sure your product is affected

First find out if your product is affected by reported exploit. For example, vmsplice but only affects RHEL 5.x but RHEL 4.x,3.x, and 2.1.x are not affected at all. You can always obtain this information by visiting vendors bug reporting system called bugzilla. Also make sure bug affects your architectures. For example, a bug may only affect 64 bit or 32 bit platform.Step 2: Apply patch

You better apply and test patch in a test environment. Please note that some vendors such as Redhat and Suse modifies or backports kernel. So it is good idea to apply patch to their kernel source code tree. Otherwise you can always grab and apply patch to latest kernel version.Step 3: How do I apply kernel patch.WARNING. These instructions require having the skills of a sysadmin. Personally, I avoid recompiling any kernel unless absolutely necessary. Most our production boxes over 1400 are powered by mix of RHEL 4 and 5. Wrong kernel option can disable hardware or may not boot system at all. If you don t understand the internal kernel dependencies don t try this on a production box.

Change directory to your kernel source code:

cd linux-2.6.xx.yy

Download and save patch file as fix.vmsplice.exploit.patch:

cat fix.vmsplice.exploit.patch

Output:--- a/fs/splice.c

b/fs/splice.c

-1234,7 1234,7 static int get_iovec_page_array const struct iovec __user iov,

if unlikely. len

break;

error -EFAULT;

- if unlikely. base

if . access_ok VERIFY_READ, base, len

/

Now apply patch using patch command, enter:

patch

Now recompile and install Linux kernel.

I hope this quick and dirty guide will save someones time. On a related note Erek has unofficial patched RPMs for CentOS / RHEL distros. Share this on.

Overview of Solaris Patch Types and Dependencies. Lynne Thompson, November 2007. This document provides an overview of patch types. Also, this document describes the.

Answer: Installation times vary depending on several issues: Current recommended patch clusters can be very large and certain patches, such as the kernel patch, have.