在传统情况下,Linux的内核升级,需要重启操作系统才生效。Oracle收购ksplice之后(Ksplice创立于2008年,在2009年07月01日,Ksplice Uptrack发布,用于Linux核心无需重启机器的情况下更新内核,甲骨文在2011年7月21日宣布完成对Ksplice的并购),把Ksplice的功能列入到了付费用户的基本服务项目,她可以动态地应用内核与安全补丁等升级,实现零停机,对应用不产生中断影响,是依赖Ksplice Uptrack实现的。如果排除硬件的影响外,系统可以永远运行下去
登录ksplice网址获取30天的试用
https://status-ksplice.oracle.com/status/trial/
注意:你需要注册oracle的SSO账号,如果没有的话。成功后,你会收到安装指导。当然如果是Oracle的付费用户,就不需要试用了,可以直接使用
To install Ksplice Uptrack, please run the following commands as root: wget -N https://www.ksplice.com/uptrack/install-uptrack sh install-uptrack 5cb81cb0359f6c3dcf0a9d10bfee7550a46ed4860368d615913cf30c5ef7e868 uptrack-upgrade -y If you'd like Ksplice Uptrack to automatically install updates as they become available, run: sh install-uptrack 5cb81cb0359f6c3dcf0a9d10bfee7550a46ed4860368d615913cf30c5ef7e868 --autoinstall in place of the above install-uptrack command, or set "autoinstall = yes" in /etc/uptrack/uptrack.conf after installation. If installing on a Debian or Ubuntu machine, you may first need to install the ca-certificates package with apt-get install ca-certificates. Without this package you will see a "certificate verification error".
安装uptrack
[root@ovm ~]# wget -N https://www.ksplice.com/uptrack/install-uptrack --2016-10-05 11:23:13-- https://www.ksplice.com/uptrack/install-uptrack Resolving www.ksplice.com... 137.254.56.32 Connecting to www.ksplice.com|137.254.56.32|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 9377 (9.2K) [text/plain] Saving to: “install-uptrack” 100%[==============================================>] 9,377 42.7K/s in 0.2s 2016-10-05 11:23:14 (42.7 KB/s) - “install-uptrack” saved [9377/9377] [root@ovm ~]# ls -l install-uptrack -rw-r--r--. 1 root root 9377 Apr 18 11:07 install-uptrack [root@ovm ~]# sh install-uptrack 5cb81cb0359f6c3dcf0a9d10bfee7550a46ed4860368d615913cf30c5ef6d868 [ Release detected: ol ] --2016-10-05 11:23:44-- https://www.ksplice.com/yum/uptrack/ol/ksplice-uptrack-release.noarch.rpm Resolving www.ksplice.com... 137.254.56.32 Connecting to www.ksplice.com|137.254.56.32|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 6876 (6.7K) [application/x-rpm] Saving to: “ksplice-uptrack-release.noarch.rpm” 100%[=============================================>] 6,876 --.-K/s in 0s 2016-10-05 11:23:45 (32.7 MB/s) - “ksplice-uptrack-release.noarch.rpm” saved [6876/6876] [ Installing Uptrack ] warning: ksplice-uptrack-release.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID 16c083cd: NOKEY Preparing packages for installation... ksplice-uptrack-release-1-3 Loaded plugins: refresh-packagekit, security, ulninfo Setting up Install Process docker-main-repo | 2.9 kB 00:00 dockerrepo | 2.9 kB 00:00 ksplice-uptrack | 951 B 00:00 ksplice-uptrack/primary | 4.5 kB 00:00 ksplice-uptrack 16/16 Resolving Dependencies --> Running transaction check ---> Package uptrack.noarch 0:1.2.38-0.el6 will be installed --> Processing Dependency: uptrack-PyYAML for package: uptrack-1.2.38-0.el6.noarch --> Running transaction check ---> Package uptrack-PyYAML.x86_64 0:3.08-4.el6 will be installed --> Processing Dependency: uptrack-libyaml >= 0.1.3-1 for package: uptrack-PyYAML-3.08-4.el6.x86_64 --> Running transaction check ---> Package uptrack-libyaml.x86_64 0:0.1.4-1.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================== Package Arch Version Repository Size ============================================================================== Installing: uptrack noarch 1.2.38-0.el6 ksplice-uptrack 497 k Installing for dependencies: uptrack-PyYAML x86_64 3.08-4.el6 ksplice-uptrack 143 k uptrack-libyaml x86_64 0.1.4-1.el6 ksplice-uptrack 48 k Transaction Summary ============================================================================= Install 3 Package(s) Total download size: 688 k Installed size: 2.1 M Downloading Packages: (1/3): uptrack-1.2.38-0.el6.noarch.rpm | 497 kB 00:35 (2/3): uptrack-PyYAML-3.08-4.el6.x86_64.rpm | 143 kB 00:10 (3/3): uptrack-libyaml-0.1.4-1.el6.x86_64.rpm | 48 kB 00:00 ----------------------------------------------------------------------------- Total 14 kB/s | 688 kB 00:48 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. Installing : uptrack-libyaml-0.1.4-1.el6.x86_64 1/3 Installing : uptrack-PyYAML-3.08-4.el6.x86_64 2/3 Installing : uptrack-1.2.38-0.el6.noarch 3/3 There are no existing modules on disk that need basename migration. Verifying : uptrack-1.2.38-0.el6.noarch 1/3 Verifying : uptrack-libyaml-0.1.4-1.el6.x86_64 2/3 Verifying : uptrack-PyYAML-3.08-4.el6.x86_64 3/3 Installed: uptrack.noarch 0:1.2.38-0.el6 Dependency Installed: uptrack-PyYAML.x86_64 0:3.08-4.el6 uptrack-libyaml.x86_64 0:0.1.4-1.el6 Complete! Effective kernel version is 4.1.12-37.4.1.el6uek The following steps will be taken: Install [mdovvlwf] Improve the interface to freeze tasks. Install [nhdxempm] CVE-2016-4565: Privilege escalation in Infiniband ioctl. Install [uadmmjua] CVE-2016-2117: Information leak in Atheros ATL2 transmission. Install [u4qw4jdx] CVE-2016-6197, CVE-2016-6198: Denial-of-service in OverlayFS on XFS. Install [j0o0d238] CVE-2015-8660: Permission bypass on overlayfs when setting file extended attributes. Install [in658n2y] CVE-2016-4470: Denial-of-service in the keyring subsystem. Install [lp3b4vzo] CVE-2016-5696: Session hijacking in TCP connections. Install [g5n10jro] CVE-2015-8785: Infinite loop when submitting invalid io vectors to FUSE filesystem. Install [qvypln00] CVE-2016-2069: Race condition in the TLB flush logic on multi-processors. Install [fubymn3l] CVE-2015-8787: NULL pointer dereference in Netfilter NAT redirection. Install [29shzoeu] CVE-2016-0723: Denial-of-service in TTY TIOCGETD ioctl(). Install [iyyf5mc3] Stack buffer overflow in the HP Smart Array SCSI driver. Install [p9jkup8d] Denial-of-service in ALSA SNDRV_SEQ_IOCTL_REMOVE_EVENTS ioctl(). Install [5trmadhz] Use-after-free in ALSA sequencer timers. Install [0kemd3n0] Privilege escalation in ALSA compatibility ioctl(). Install [g5kga5kw] Denial-of-service in ALSA timer management. Install [kghekfwi] Denial-of-service in ALSA TLV controls. Install [y1fivdl9] Use-after-free in Intel audio device removal. Install [wf4987ap] Use-after-free when taking a reference on an IPv6 label. Install [pmxhuk5h] Denial-of-service in IPv6 stable_secret sysctl writing. Install [6cng3h9y] Denial-of-service in SCTP protocol under memory pressure. Install [9j8uda3z] Denial-of-service in Connector callback implementation. Install [fizhyy51] Privilege escalation in network bridge startup. Install [0sdd9nt0] Use-after-free in network destination cache removal. Install [015zv6zt] Out-of-bounds access in SCTP cookie_hmac_alg sysctl writing. Install [o1sqdmgn] Use-after-free in IPv6 SYNACK retransmission. Install [czz300rq] Denial-of-service in SO_NO_CHECK sockets. Install [7al0itnm] NULL pointer dereference in PhoNet packet reception. Install [chhvzpr5] CVE-2016-2383: Undefined behaviour in Berkeley Packet Filter constant shifts. Install [sfg3qe62] Denial-of-service in ISDN PPP device opening. Install [vecx9mji] CVE-2015-7799: Denial-of-service in PPP compression slot parameters. Install [ywge2v76] Information leak in HID core when connecting device. Install [h1fzcvjn] Denial of service in Topro USB Camera ioctl. Install [rk5fbc49] Memory leak in Realtek USB Wireless adapter when receiving malformed frames. Install [v1j86ako] Privilege escalation in overlayfs extended attributes. Install [2svmlu1o] Kernel panic when removing directory from overlay filesystem. Install [kxuwfxw5] Memory leak when requeuing priority inversion futex. Install [0l6ygvrj] Denial-of-service when parsing UDF indirect extents. Install [izqgc784] Denial-of-service in block cache driver on device removal. Install [4dojfzjt] Memory corruption when processing multibyte unicode filenames on UDF. Install [7r0srh9n] Denial-of-service in BTRFS device array reading. Install [nnx4ymjw] Memory corruption in Nouveau driver during connector hotplug. Install [lytrplwr] Use-after-free in virtio balloon driver during compaction. Install [l8dzuqb4] Information leak when reading directory entries on CIFS mount. Install [anhwn031] Use-after-free in OCFS2 distributed lock manager. Install [p53zywd9] Kernel panic when soft-offlining memory. Install [we9rx462] Use-after-free when unregistering events in memory control group. Install [tkxnuvw7] Use-after-free when failing to accept userspace cryptographic sockets. Install [vwij25nr] Memory corruption when sending data to userspace cryptographic socket. Install [tfadz0yc] Kernel panic when setting prctl MM values. Install [0jvyx87q] Data loss in USB Modem driver during suspend and resume. Install [hqqwruse] Crash in USB hub driver during device reset. Install [p3c9p7tn] Crash in USB serial driver when malicious Treo device is connected. Install [lcwxn667] CVE-2015-7566: Denial-of-service in USB Handspring Visor driver. Install [rtmduzgc] Use-after-free when removing virtio PCI devices. Install [36sz5euf] Crash in SCSI driver during power management suspend and resume. Install [xgwvni1u] Deadlock when reading from rfkill sysfs file. Install [nn2hvj9p] Kernel crash in userspace interface for hash algorithm when sending a message. Install [pt45ej4e] Kernel log buffer flood in ALSA rawmidi driver. Install [7d8frpop] Multiple kernel deadlocks in ALSA OSS emulation. Install [cy1wkzmz] Multiple use-after-free in ALSA sequencers when closing the device. Install [urmrrm0f] Memory corruption in ALSA rawmidi driver on concurrent read/write. Install [j81y9jaz] Use-after-free when unloading xHCI host driver. Install [3ic8chog] Denial-of-service in ALSA timer handling. Install [1ag47m1z] Kernel deadlock when dumping the call stack on multiple CPUs. Install [p66d24gh] Infinite loop when unmounting an OCFS2 filesystem using the kernel distributed lock manager. Install [d7wae6pw] Kernel deadlock when validating a memory context. Install [z3tqbzvk] Kernel panic when handling interrupts for SATA devices. Install [nn8yh1r8] Kernel hang in Btrfs filesystem when using the BTRFS_IOC_INO_PATHS ioctl. Install [trwlwuhf] Information leak in ALSA sound sub-system when parsing the HDMI EDID-Like-Data (ELD). Install [x0wv59yr] Use-after-free in the kernel list library on concurrent hotplug events. Install [halioyqa] Kernel panic when parsing VBT in Intel integrated graphics. Install [5jsms2s6] Integer overflow in ext4 buffer allocation. Install [zavamdat] Data corruption on ext4 filesystem when moving data to a donor file. Install [35ls1brl] Memory leak in the ALSA audio driver on concurrent writes to the sequencer device. Install [c9asia8l] Kernel crash when handling vmalloc page faults on large pages. Install [ual35d59] Kernel deadlock in ALSA sound driver when handling pulse code modulation. Install [v5sm9atv] Data loss in ext4 with concurrent direct IO operations. Install [m8ktv3pc] Kernel panic when starting fastopen TCP connections. Install [gex6ku8y] Memory leak when reading from AF_UNIX socket. Install [jaqkvgea] Memory leak when sending IPv4 data with ancillary data. Install [w3ucr08q] Information leak in the ATA 32 bits compat ioctl. Install [sj71njz2] Memory leak in device mapper when requeuing requests. Install [q720zpzm] Memory corruption when parsing numbers from NFS requests. Install [vaqyzjze] Kernel deadlock in JFFS2 filesystem when writing. Install [fmam69o9] Kernel panic when handling signals under Intel MPX. Install [ggdqj0av] Kernel panic when failing to open file. Install [4ugtzaij] Kernel panic when parsing filenames. Install [cm5yw39p] Out of bounds memory access on reading a file from a SMB server. Install [8ouqh5s2] Kernel hang when the function graph tracer is enabled on suspend. Install [nejd813f] Heap overflow in the Unsorted Block Images (UBI) on volume update. Install [0em64mbp] Kernel panic when using receive aggregation on WiFi. Install [yyy44gmu] Possible frame injection on encrypted WiFi using Galois/Counter Mode Protocol. Install [ul0r053a] Denial-of-service in JFFS2 when recovering a halfway failed rename. Install [7i25yfkl] Information leak to KVM guests when the the host is using PEBS tracing. Install [iqjcnvc9] Denial-of-service when running KVM guest with Extended Page Table disabled. Install [el6110l4] Kernel deadlock in the USB HID stack on interrupt. Install [be452d8p] Memory leak in btrfs superblock validation. Install [csyikupa] Kernel panic when writing a single page to a btrfs filesystem. Install [58tj7xii] Kernel panic when accessing symlinks on btrfs volume. Install [dnxjh1as] Memory leak when creating hard link on btrfs volume. Install [wt6hbic0] Use-after-free when tracing a work queueing in Btrfs filesystem. Install [tofygh65] CVE-2015-7513: Divide-by-zero in KVM when reloading the programmable interrupt timer. Install [erxi8kn0] Denial-of-service when updating a negatively instantiated user cryptographic key. Install [19xdhl89] NULL pointer dereference in TTY line discipline reception. Install [j4hdfxbf] Filesystem corruption in EXT4 extent moving. Install [6pkvalrk] Denial-of-service in NFS server buffer decoding. Install [etmgkfsh] Kernel crash in disk quota initialization. Install [msycyr7w] Kernel crash in block cache device initialization. Install [mze2l7t6] NULL pointer dereference in block cache registration failure. Install [ubidlkf9] Journalling filesystem corruption on unmount under memory pressure. Install [19qbp1kt] Use-after-free in FUSE filesystems with direct, asynchronous I/O. Install [zx03u41m] CVE-2016-2186: Denial of service in Griffin PowerMate USB descriptor parsing. Install [n6vjz8o9] CVE-2016-2184: Denial of service in ALSA USB audio descriptor parsing. Install [hcyy40ng] Denial-of-service in NFS secinfo+readdir operations. Install [5fc7zave] CVE-2016-2188: Denial of service in IO Warrior USB descriptor parsing. Install [rdlmjqs1] Denial of service in generic USB interface management. Install [7vibanga] CVE-2016-3138: Denial of service in CDC ADM USB descriptor parsing. Install [zlsqcgw5] Denial-of-service in pipe splicing with no pages. Install [3jde7dfg] Denial-of-service in KVM invept instruction emulation. Install [cbx8wk7c] Denial-of-service in KVM VCPU creation. Install [gcml7smx] Denial-of-service in coredump writing. Install [1gdy967x] CVE-2016-2185: Denial of service in ATI/Philips USB RF remote descriptor parsing. Install [nik5wgnt] Kernel hang in OCFS2 Distributed Lock Manager convert and recovery operations. Install [0wk20x0r] Kernel crash in OCFS2 Distributed Lock Manager during master loss. Install [i8dl229b] CVE-2016-3136: Denial of service in MCT Serial USB descriptor parsing. Install [pwd2bjm4] CVE-2016-3137: Denial of service in USB Cypress M8 descriptor parsing. Install [4ioo8hzw] Memory corruption when inserting data into associative arrays. Install [qr9r8r5u] Use after free when disabling a USB XHCI device. Install [7nmjtbf9] Kernel crash when remapping file pages of a removed IPC ID. Install [xyxen72s] Use-after-free when processing switchdev events. Install [83ojhh6s] Divide-by-zero in the ALSA RME Hammerfall audio driver. Install [rc0xc3c4] Privilege escalation when chowning files on overlayfs mount. Install [t1bu1des] Use-after-free in the perf subsystem on error in the perf_event_open syscall. Install [38s4ghcb] SMAP bypass in 32bit compatibility syscall handler. Install [xya10lbt] BTRFS filesystem xattr data corruption during fast fsync(). Install [05qej9zi] BTRFS filesystem data corruption with no_holes and multiple truncates. Install [ewgh3nwa] BTRFS filesystem data loss during fsync() after rename and inode creation. Install [zogv6y7s] Multiple crashes with RDS (Reliable Datagram Sockets) over TCP. Install [j5fknf63] NULL pointer dereference in RDS over TCP during accept(). Install [htkan8zo] Use-after-free in Xen network device teardown. Install [kns889dc] Heap buffer overflow in internal Xen reply queue. Install [7uflvnij] Denial of service in BTRFS filesystem driver. Install [rgd2u0nb] Multiple data corruption issues in BTRFS filesystem driver. Install [56dpbu10] Kernel crash in HP Smart Array SAS Controller driver. Install [6q4o006n] Kernel infinite loop in SCSI disk driver. Install [93rz5hgf] Kernel panic in IPv6 forwarding of timewait sockets. Install [3e59ivmc] Kernel hang with Xen under nested virtualization. Install [rb7w6d57] Kernel crash in Xen block-device backend driver. Install [3gbuztol] Kernel BUG during scrub of BTRFS filesystem. Install [sjsw0zz6] CVE-2015-7833: Crash in USB vision driver when malicious device is connected. Install [27ea8xs6] CVE-2016-4913: Information leak in ISO9660 filename parsing. Install [ndqo6xfi] CVE-2016-4581: Denial-of-service in slave mount propagation. Install [mfbni72l] Memory leak in virtio balloon driver during inflation and deflation. Install [vjivzetn] Kernel deadlock in Emulex 10Gbps iSCSI driver. Install [bzg4r3ye] Kernel panic on machine check exception with offline cpu. Install [yfm9dr51] Memory leak in Broadcom QLogic bnx2 driver on initialization failure. Install [2mv564et] NULL pointer dereference in Brocade Fiber Channel driver on disconnection. Install [s6fw2dpk] Kernel memory corruption in Btrfs direct IO reads and writes. Install [k7r9m5v0] Denial-of-service when accepting userspace cryptographic sockets. Install [6cysves6] Permission bypass when checking credentials for filesystem accesses. Install [xji221sd] Denial of service in Emulex LightPulse device reset. Install [4efqsldi] Heap overflow in block driver on flush. Install [c0h2rik7] CVE-2016-4997, CVE-2016-4998: Privilege escalation in the Netfilter driver. [ Installation Complete! ] [ Please run '/usr/sbin/uptrack-upgrade -y' to bring your system up to date ] [root@ovm ~]#
uptrack utility
[root@ovm ~]# ls -l /usr/sbin/uptrack-* lrwxrwxrwx. 1 root root 15 Oct 5 11:24 /usr/sbin/uptrack-install -> uptrack-upgrade lrwxrwxrwx. 1 root root 15 Oct 5 11:24 /usr/sbin/uptrack-remove -> uptrack-upgrade lrwxrwxrwx. 1 root root 15 Oct 5 11:24 /usr/sbin/uptrack-show -> uptrack-upgrade -rwxr-xr-x. 1 root root 102617 Aug 18 08:36 /usr/sbin/uptrack-upgrade [root@ovm ~]# which uptrack-uname /usr/bin/uptrack-uname [root@ovm ~]#
列出可用的补丁,下面的命令都可以
uptrack-upgrade –n,uptrack-show,uptrack-show --available
[root@ovm ~]# uptrack-upgrade –n The following steps will be taken: Install [mdovvlwf] Improve the interface to freeze tasks. Install [nhdxempm] CVE-2016-4565: Privilege escalation in Infiniband ioctl. Install [uadmmjua] CVE-2016-2117: Information leak in Atheros ATL2 transmission. Install [u4qw4jdx] CVE-2016-6197, CVE-2016-6198: Denial-of-service in OverlayFS on XFS. Install [j0o0d238] CVE-2015-8660: Permission bypass on overlayfs when setting file extended attributes. Install [in658n2y] CVE-2016-4470: Denial-of-service in the keyring subsystem. Install [lp3b4vzo] CVE-2016-5696: Session hijacking in TCP connections. Install [g5n10jro] CVE-2015-8785: Infinite loop when submitting invalid io vectors to FUSE filesystem. Install [qvypln00] CVE-2016-2069: Race condition in the TLB flush logic on multi-processors. Install [fubymn3l] CVE-2015-8787: NULL pointer dereference in Netfilter NAT redirection. Install [29shzoeu] CVE-2016-0723: Denial-of-service in TTY TIOCGETD ioctl(). Install [iyyf5mc3] Stack buffer overflow in the HP Smart Array SCSI driver. Install [p9jkup8d] Denial-of-service in ALSA SNDRV_SEQ_IOCTL_REMOVE_EVENTS ioctl(). Install [5trmadhz] Use-after-free in ALSA sequencer timers. Install [0kemd3n0] Privilege escalation in ALSA compatibility ioctl(). Install [g5kga5kw] Denial-of-service in ALSA timer management. Install [kghekfwi] Denial-of-service in ALSA TLV controls. Install [y1fivdl9] Use-after-free in Intel audio device removal. Install [wf4987ap] Use-after-free when taking a reference on an IPv6 label. Install [pmxhuk5h] Denial-of-service in IPv6 stable_secret sysctl writing. Install [6cng3h9y] Denial-of-service in SCTP protocol under memory pressure. Install [9j8uda3z] Denial-of-service in Connector callback implementation. Install [fizhyy51] Privilege escalation in network bridge startup. Install [0sdd9nt0] Use-after-free in network destination cache removal. Install [015zv6zt] Out-of-bounds access in SCTP cookie_hmac_alg sysctl writing. Install [o1sqdmgn] Use-after-free in IPv6 SYNACK retransmission. Install [czz300rq] Denial-of-service in SO_NO_CHECK sockets. Install [7al0itnm] NULL pointer dereference in PhoNet packet reception. Install [chhvzpr5] CVE-2016-2383: Undefined behaviour in Berkeley Packet Filter constant shifts. Install [sfg3qe62] Denial-of-service in ISDN PPP device opening. Install [vecx9mji] CVE-2015-7799: Denial-of-service in PPP compression slot parameters. Install [ywge2v76] Information leak in HID core when connecting device. Install [h1fzcvjn] Denial of service in Topro USB Camera ioctl. Install [rk5fbc49] Memory leak in Realtek USB Wireless adapter when receiving malformed frames. Install [v1j86ako] Privilege escalation in overlayfs extended attributes. Install [2svmlu1o] Kernel panic when removing directory from overlay filesystem. Install [kxuwfxw5] Memory leak when requeuing priority inversion futex. Install [0l6ygvrj] Denial-of-service when parsing UDF indirect extents. Install [izqgc784] Denial-of-service in block cache driver on device removal. Install [4dojfzjt] Memory corruption when processing multibyte unicode filenames on UDF. Install [7r0srh9n] Denial-of-service in BTRFS device array reading. Install [nnx4ymjw] Memory corruption in Nouveau driver during connector hotplug. Install [lytrplwr] Use-after-free in virtio balloon driver during compaction. Install [l8dzuqb4] Information leak when reading directory entries on CIFS mount. Install [anhwn031] Use-after-free in OCFS2 distributed lock manager. Install [p53zywd9] Kernel panic when soft-offlining memory. Install [we9rx462] Use-after-free when unregistering events in memory control group. Install [tkxnuvw7] Use-after-free when failing to accept userspace cryptographic sockets. Install [vwij25nr] Memory corruption when sending data to userspace cryptographic socket. Install [tfadz0yc] Kernel panic when setting prctl MM values. Install [0jvyx87q] Data loss in USB Modem driver during suspend and resume. Install [hqqwruse] Crash in USB hub driver during device reset. Install [p3c9p7tn] Crash in USB serial driver when malicious Treo device is connected. Install [lcwxn667] CVE-2015-7566: Denial-of-service in USB Handspring Visor driver. Install [rtmduzgc] Use-after-free when removing virtio PCI devices. Install [36sz5euf] Crash in SCSI driver during power management suspend and resume. Install [xgwvni1u] Deadlock when reading from rfkill sysfs file. Install [nn2hvj9p] Kernel crash in userspace interface for hash algorithm when sending a message. Install [pt45ej4e] Kernel log buffer flood in ALSA rawmidi driver. Install [7d8frpop] Multiple kernel deadlocks in ALSA OSS emulation. Install [cy1wkzmz] Multiple use-after-free in ALSA sequencers when closing the device. Install [urmrrm0f] Memory corruption in ALSA rawmidi driver on concurrent read/write. Install [j81y9jaz] Use-after-free when unloading xHCI host driver. Install [3ic8chog] Denial-of-service in ALSA timer handling. Install [1ag47m1z] Kernel deadlock when dumping the call stack on multiple CPUs. Install [p66d24gh] Infinite loop when unmounting an OCFS2 filesystem using the kernel distributed lock manager. Install [d7wae6pw] Kernel deadlock when validating a memory context. Install [z3tqbzvk] Kernel panic when handling interrupts for SATA devices. Install [nn8yh1r8] Kernel hang in Btrfs filesystem when using the BTRFS_IOC_INO_PATHS ioctl. Install [trwlwuhf] Information leak in ALSA sound sub-system when parsing the HDMI EDID-Like-Data (ELD). Install [x0wv59yr] Use-after-free in the kernel list library on concurrent hotplug events. Install [halioyqa] Kernel panic when parsing VBT in Intel integrated graphics. Install [5jsms2s6] Integer overflow in ext4 buffer allocation. Install [zavamdat] Data corruption on ext4 filesystem when moving data to a donor file. Install [35ls1brl] Memory leak in the ALSA audio driver on concurrent writes to the sequencer device. Install [c9asia8l] Kernel crash when handling vmalloc page faults on large pages. Install [ual35d59] Kernel deadlock in ALSA sound driver when handling pulse code modulation. Install [v5sm9atv] Data loss in ext4 with concurrent direct IO operations. Install [m8ktv3pc] Kernel panic when starting fastopen TCP connections. Install [gex6ku8y] Memory leak when reading from AF_UNIX socket. Install [jaqkvgea] Memory leak when sending IPv4 data with ancillary data. Install [w3ucr08q] Information leak in the ATA 32 bits compat ioctl. Install [sj71njz2] Memory leak in device mapper when requeuing requests. Install [q720zpzm] Memory corruption when parsing numbers from NFS requests. Install [vaqyzjze] Kernel deadlock in JFFS2 filesystem when writing. Install [fmam69o9] Kernel panic when handling signals under Intel MPX. Install [ggdqj0av] Kernel panic when failing to open file. Install [4ugtzaij] Kernel panic when parsing filenames. Install [cm5yw39p] Out of bounds memory access on reading a file from a SMB server. Install [8ouqh5s2] Kernel hang when the function graph tracer is enabled on suspend. Install [nejd813f] Heap overflow in the Unsorted Block Images (UBI) on volume update. Install [0em64mbp] Kernel panic when using receive aggregation on WiFi. Install [yyy44gmu] Possible frame injection on encrypted WiFi using Galois/Counter Mode Protocol. Install [ul0r053a] Denial-of-service in JFFS2 when recovering a halfway failed rename. Install [7i25yfkl] Information leak to KVM guests when the the host is using PEBS tracing. Install [iqjcnvc9] Denial-of-service when running KVM guest with Extended Page Table disabled. Install [el6110l4] Kernel deadlock in the USB HID stack on interrupt. Install [be452d8p] Memory leak in btrfs superblock validation. Install [csyikupa] Kernel panic when writing a single page to a btrfs filesystem. Install [58tj7xii] Kernel panic when accessing symlinks on btrfs volume. Install [dnxjh1as] Memory leak when creating hard link on btrfs volume. Install [wt6hbic0] Use-after-free when tracing a work queueing in Btrfs filesystem. Install [tofygh65] CVE-2015-7513: Divide-by-zero in KVM when reloading the programmable interrupt timer. Install [erxi8kn0] Denial-of-service when updating a negatively instantiated user cryptographic key. Install [19xdhl89] NULL pointer dereference in TTY line discipline reception. Install [j4hdfxbf] Filesystem corruption in EXT4 extent moving. Install [6pkvalrk] Denial-of-service in NFS server buffer decoding. Install [etmgkfsh] Kernel crash in disk quota initialization. Install [msycyr7w] Kernel crash in block cache device initialization. Install [mze2l7t6] NULL pointer dereference in block cache registration failure. Install [ubidlkf9] Journalling filesystem corruption on unmount under memory pressure. Install [19qbp1kt] Use-after-free in FUSE filesystems with direct, asynchronous I/O. Install [zx03u41m] CVE-2016-2186: Denial of service in Griffin PowerMate USB descriptor parsing. Install [n6vjz8o9] CVE-2016-2184: Denial of service in ALSA USB audio descriptor parsing. Install [hcyy40ng] Denial-of-service in NFS secinfo+readdir operations. Install [5fc7zave] CVE-2016-2188: Denial of service in IO Warrior USB descriptor parsing. Install [rdlmjqs1] Denial of service in generic USB interface management. Install [7vibanga] CVE-2016-3138: Denial of service in CDC ADM USB descriptor parsing. Install [zlsqcgw5] Denial-of-service in pipe splicing with no pages. Install [3jde7dfg] Denial-of-service in KVM invept instruction emulation. Install [cbx8wk7c] Denial-of-service in KVM VCPU creation. Install [gcml7smx] Denial-of-service in coredump writing. Install [1gdy967x] CVE-2016-2185: Denial of service in ATI/Philips USB RF remote descriptor parsing. Install [nik5wgnt] Kernel hang in OCFS2 Distributed Lock Manager convert and recovery operations. Install [0wk20x0r] Kernel crash in OCFS2 Distributed Lock Manager during master loss. Install [i8dl229b] CVE-2016-3136: Denial of service in MCT Serial USB descriptor parsing. Install [pwd2bjm4] CVE-2016-3137: Denial of service in USB Cypress M8 descriptor parsing. Install [4ioo8hzw] Memory corruption when inserting data into associative arrays. Install [qr9r8r5u] Use after free when disabling a USB XHCI device. Install [7nmjtbf9] Kernel crash when remapping file pages of a removed IPC ID. Install [xyxen72s] Use-after-free when processing switchdev events. Install [83ojhh6s] Divide-by-zero in the ALSA RME Hammerfall audio driver. Install [rc0xc3c4] Privilege escalation when chowning files on overlayfs mount. Install [t1bu1des] Use-after-free in the perf subsystem on error in the perf_event_open syscall. Install [38s4ghcb] SMAP bypass in 32bit compatibility syscall handler. Install [xya10lbt] BTRFS filesystem xattr data corruption during fast fsync(). Install [05qej9zi] BTRFS filesystem data corruption with no_holes and multiple truncates. Install [ewgh3nwa] BTRFS filesystem data loss during fsync() after rename and inode creation. Install [zogv6y7s] Multiple crashes with RDS (Reliable Datagram Sockets) over TCP. Install [j5fknf63] NULL pointer dereference in RDS over TCP during accept(). Install [htkan8zo] Use-after-free in Xen network device teardown. Install [kns889dc] Heap buffer overflow in internal Xen reply queue. Install [7uflvnij] Denial of service in BTRFS filesystem driver. Install [rgd2u0nb] Multiple data corruption issues in BTRFS filesystem driver. Install [56dpbu10] Kernel crash in HP Smart Array SAS Controller driver. Install [6q4o006n] Kernel infinite loop in SCSI disk driver. Install [93rz5hgf] Kernel panic in IPv6 forwarding of timewait sockets. Install [3e59ivmc] Kernel hang with Xen under nested virtualization. Install [rb7w6d57] Kernel crash in Xen block-device backend driver. Install [3gbuztol] Kernel BUG during scrub of BTRFS filesystem. Install [sjsw0zz6] CVE-2015-7833: Crash in USB vision driver when malicious device is connected. Install [27ea8xs6] CVE-2016-4913: Information leak in ISO9660 filename parsing. Install [ndqo6xfi] CVE-2016-4581: Denial-of-service in slave mount propagation. Install [mfbni72l] Memory leak in virtio balloon driver during inflation and deflation. Install [vjivzetn] Kernel deadlock in Emulex 10Gbps iSCSI driver. Install [bzg4r3ye] Kernel panic on machine check exception with offline cpu. Install [yfm9dr51] Memory leak in Broadcom QLogic bnx2 driver on initialization failure. Install [2mv564et] NULL pointer dereference in Brocade Fiber Channel driver on disconnection. Install [s6fw2dpk] Kernel memory corruption in Btrfs direct IO reads and writes. Install [k7r9m5v0] Denial-of-service when accepting userspace cryptographic sockets. Install [6cysves6] Permission bypass when checking credentials for filesystem accesses. Install [xji221sd] Denial of service in Emulex LightPulse device reset. Install [4efqsldi] Heap overflow in block driver on flush. Install [c0h2rik7] CVE-2016-4997, CVE-2016-4998: Privilege escalation in the Netfilter driver. Go ahead [y/N]? n Aborting. [root@ovm ~]#
安装Updates
[root@ovm ~]# uptrack-upgrade -y The following steps will be taken: Install [mdovvlwf] Improve the interface to freeze tasks. Install [nhdxempm] CVE-2016-4565: Privilege escalation in Infiniband ioctl. Install [uadmmjua] CVE-2016-2117: Information leak in Atheros ATL2 transmission. Install [u4qw4jdx] CVE-2016-6197, CVE-2016-6198: Denial-of-service in OverlayFS on XFS. Install [j0o0d238] CVE-2015-8660: Permission bypass on overlayfs when setting file extended attributes. Install [in658n2y] CVE-2016-4470: Denial-of-service in the keyring subsystem. Install [lp3b4vzo] CVE-2016-5696: Session hijacking in TCP connections. Install [g5n10jro] CVE-2015-8785: Infinite loop when submitting invalid io vectors to FUSE filesystem. Install [qvypln00] CVE-2016-2069: Race condition in the TLB flush logic on multi-processors. Install [fubymn3l] CVE-2015-8787: NULL pointer dereference in Netfilter NAT redirection. Install [29shzoeu] CVE-2016-0723: Denial-of-service in TTY TIOCGETD ioctl(). Install [iyyf5mc3] Stack buffer overflow in the HP Smart Array SCSI driver. Install [p9jkup8d] Denial-of-service in ALSA SNDRV_SEQ_IOCTL_REMOVE_EVENTS ioctl(). Install [5trmadhz] Use-after-free in ALSA sequencer timers. Install [0kemd3n0] Privilege escalation in ALSA compatibility ioctl(). Install [g5kga5kw] Denial-of-service in ALSA timer management. Install [kghekfwi] Denial-of-service in ALSA TLV controls. Install [y1fivdl9] Use-after-free in Intel audio device removal. Install [wf4987ap] Use-after-free when taking a reference on an IPv6 label. Install [pmxhuk5h] Denial-of-service in IPv6 stable_secret sysctl writing. Install [6cng3h9y] Denial-of-service in SCTP protocol under memory pressure. Install [9j8uda3z] Denial-of-service in Connector callback implementation. Install [fizhyy51] Privilege escalation in network bridge startup. Install [0sdd9nt0] Use-after-free in network destination cache removal. Install [015zv6zt] Out-of-bounds access in SCTP cookie_hmac_alg sysctl writing. Install [o1sqdmgn] Use-after-free in IPv6 SYNACK retransmission. Install [czz300rq] Denial-of-service in SO_NO_CHECK sockets. Install [7al0itnm] NULL pointer dereference in PhoNet packet reception. Install [chhvzpr5] CVE-2016-2383: Undefined behaviour in Berkeley Packet Filter constant shifts. Install [sfg3qe62] Denial-of-service in ISDN PPP device opening. Install [vecx9mji] CVE-2015-7799: Denial-of-service in PPP compression slot parameters. Install [ywge2v76] Information leak in HID core when connecting device. Install [h1fzcvjn] Denial of service in Topro USB Camera ioctl. Install [rk5fbc49] Memory leak in Realtek USB Wireless adapter when receiving malformed frames. Install [v1j86ako] Privilege escalation in overlayfs extended attributes. Install [2svmlu1o] Kernel panic when removing directory from overlay filesystem. Install [kxuwfxw5] Memory leak when requeuing priority inversion futex. Install [0l6ygvrj] Denial-of-service when parsing UDF indirect extents. Install [izqgc784] Denial-of-service in block cache driver on device removal. Install [4dojfzjt] Memory corruption when processing multibyte unicode filenames on UDF. Install [7r0srh9n] Denial-of-service in BTRFS device array reading. Install [nnx4ymjw] Memory corruption in Nouveau driver during connector hotplug. Install [lytrplwr] Use-after-free in virtio balloon driver during compaction. Install [l8dzuqb4] Information leak when reading directory entries on CIFS mount. Install [anhwn031] Use-after-free in OCFS2 distributed lock manager. Install [p53zywd9] Kernel panic when soft-offlining memory. Install [we9rx462] Use-after-free when unregistering events in memory control group. Install [tkxnuvw7] Use-after-free when failing to accept userspace cryptographic sockets. Install [vwij25nr] Memory corruption when sending data to userspace cryptographic socket. Install [tfadz0yc] Kernel panic when setting prctl MM values. Install [0jvyx87q] Data loss in USB Modem driver during suspend and resume. Install [hqqwruse] Crash in USB hub driver during device reset. Install [p3c9p7tn] Crash in USB serial driver when malicious Treo device is connected. Install [lcwxn667] CVE-2015-7566: Denial-of-service in USB Handspring Visor driver. Install [rtmduzgc] Use-after-free when removing virtio PCI devices. Install [36sz5euf] Crash in SCSI driver during power management suspend and resume. Install [xgwvni1u] Deadlock when reading from rfkill sysfs file. Install [nn2hvj9p] Kernel crash in userspace interface for hash algorithm when sending a message. Install [pt45ej4e] Kernel log buffer flood in ALSA rawmidi driver. Install [7d8frpop] Multiple kernel deadlocks in ALSA OSS emulation. Install [cy1wkzmz] Multiple use-after-free in ALSA sequencers when closing the device. Install [urmrrm0f] Memory corruption in ALSA rawmidi driver on concurrent read/write. Install [j81y9jaz] Use-after-free when unloading xHCI host driver. Install [3ic8chog] Denial-of-service in ALSA timer handling. Install [1ag47m1z] Kernel deadlock when dumping the call stack on multiple CPUs. Install [p66d24gh] Infinite loop when unmounting an OCFS2 filesystem using the kernel distributed lock manager. Install [d7wae6pw] Kernel deadlock when validating a memory context. Install [z3tqbzvk] Kernel panic when handling interrupts for SATA devices. Install [nn8yh1r8] Kernel hang in Btrfs filesystem when using the BTRFS_IOC_INO_PATHS ioctl. Install [trwlwuhf] Information leak in ALSA sound sub-system when parsing the HDMI EDID-Like-Data (ELD). Install [x0wv59yr] Use-after-free in the kernel list library on concurrent hotplug events. Install [halioyqa] Kernel panic when parsing VBT in Intel integrated graphics. Install [5jsms2s6] Integer overflow in ext4 buffer allocation. Install [zavamdat] Data corruption on ext4 filesystem when moving data to a donor file. Install [35ls1brl] Memory leak in the ALSA audio driver on concurrent writes to the sequencer device. Install [c9asia8l] Kernel crash when handling vmalloc page faults on large pages. Install [ual35d59] Kernel deadlock in ALSA sound driver when handling pulse code modulation. Install [v5sm9atv] Data loss in ext4 with concurrent direct IO operations. Install [m8ktv3pc] Kernel panic when starting fastopen TCP connections. Install [gex6ku8y] Memory leak when reading from AF_UNIX socket. Install [jaqkvgea] Memory leak when sending IPv4 data with ancillary data. Install [w3ucr08q] Information leak in the ATA 32 bits compat ioctl. Install [sj71njz2] Memory leak in device mapper when requeuing requests. Install [q720zpzm] Memory corruption when parsing numbers from NFS requests. Install [vaqyzjze] Kernel deadlock in JFFS2 filesystem when writing. Install [fmam69o9] Kernel panic when handling signals under Intel MPX. Install [ggdqj0av] Kernel panic when failing to open file. Install [4ugtzaij] Kernel panic when parsing filenames. Install [cm5yw39p] Out of bounds memory access on reading a file from a SMB server. Install [8ouqh5s2] Kernel hang when the function graph tracer is enabled on suspend. Install [nejd813f] Heap overflow in the Unsorted Block Images (UBI) on volume update. Install [0em64mbp] Kernel panic when using receive aggregation on WiFi. Install [yyy44gmu] Possible frame injection on encrypted WiFi using Galois/Counter Mode Protocol. Install [ul0r053a] Denial-of-service in JFFS2 when recovering a halfway failed rename. Install [7i25yfkl] Information leak to KVM guests when the the host is using PEBS tracing. Install [iqjcnvc9] Denial-of-service when running KVM guest with Extended Page Table disabled. Install [el6110l4] Kernel deadlock in the USB HID stack on interrupt. Install [be452d8p] Memory leak in btrfs superblock validation. Install [csyikupa] Kernel panic when writing a single page to a btrfs filesystem. Install [58tj7xii] Kernel panic when accessing symlinks on btrfs volume. Install [dnxjh1as] Memory leak when creating hard link on btrfs volume. Install [wt6hbic0] Use-after-free when tracing a work queueing in Btrfs filesystem. Install [tofygh65] CVE-2015-7513: Divide-by-zero in KVM when reloading the programmable interrupt timer. Install [erxi8kn0] Denial-of-service when updating a negatively instantiated user cryptographic key. Install [19xdhl89] NULL pointer dereference in TTY line discipline reception. Install [j4hdfxbf] Filesystem corruption in EXT4 extent moving. Install [6pkvalrk] Denial-of-service in NFS server buffer decoding. Install [etmgkfsh] Kernel crash in disk quota initialization. Install [msycyr7w] Kernel crash in block cache device initialization. Install [mze2l7t6] NULL pointer dereference in block cache registration failure. Install [ubidlkf9] Journalling filesystem corruption on unmount under memory pressure. Install [19qbp1kt] Use-after-free in FUSE filesystems with direct, asynchronous I/O. Install [zx03u41m] CVE-2016-2186: Denial of service in Griffin PowerMate USB descriptor parsing. Install [n6vjz8o9] CVE-2016-2184: Denial of service in ALSA USB audio descriptor parsing. Install [hcyy40ng] Denial-of-service in NFS secinfo+readdir operations. Install [5fc7zave] CVE-2016-2188: Denial of service in IO Warrior USB descriptor parsing. Install [rdlmjqs1] Denial of service in generic USB interface management. Install [7vibanga] CVE-2016-3138: Denial of service in CDC ADM USB descriptor parsing. Install [zlsqcgw5] Denial-of-service in pipe splicing with no pages. Install [3jde7dfg] Denial-of-service in KVM invept instruction emulation. Install [cbx8wk7c] Denial-of-service in KVM VCPU creation. Install [gcml7smx] Denial-of-service in coredump writing. Install [1gdy967x] CVE-2016-2185: Denial of service in ATI/Philips USB RF remote descriptor parsing. Install [nik5wgnt] Kernel hang in OCFS2 Distributed Lock Manager convert and recovery operations. Install [0wk20x0r] Kernel crash in OCFS2 Distributed Lock Manager during master loss. Install [i8dl229b] CVE-2016-3136: Denial of service in MCT Serial USB descriptor parsing. Install [pwd2bjm4] CVE-2016-3137: Denial of service in USB Cypress M8 descriptor parsing. Install [4ioo8hzw] Memory corruption when inserting data into associative arrays. Install [qr9r8r5u] Use after free when disabling a USB XHCI device. Install [7nmjtbf9] Kernel crash when remapping file pages of a removed IPC ID. Install [xyxen72s] Use-after-free when processing switchdev events. Install [83ojhh6s] Divide-by-zero in the ALSA RME Hammerfall audio driver. Install [rc0xc3c4] Privilege escalation when chowning files on overlayfs mount. Install [t1bu1des] Use-after-free in the perf subsystem on error in the perf_event_open syscall. Install [38s4ghcb] SMAP bypass in 32bit compatibility syscall handler. Install [xya10lbt] BTRFS filesystem xattr data corruption during fast fsync(). Install [05qej9zi] BTRFS filesystem data corruption with no_holes and multiple truncates. Install [ewgh3nwa] BTRFS filesystem data loss during fsync() after rename and inode creation. Install [zogv6y7s] Multiple crashes with RDS (Reliable Datagram Sockets) over TCP. Install [j5fknf63] NULL pointer dereference in RDS over TCP during accept(). Install [htkan8zo] Use-after-free in Xen network device teardown. Install [kns889dc] Heap buffer overflow in internal Xen reply queue. Install [7uflvnij] Denial of service in BTRFS filesystem driver. Install [rgd2u0nb] Multiple data corruption issues in BTRFS filesystem driver. Install [56dpbu10] Kernel crash in HP Smart Array SAS Controller driver. Install [6q4o006n] Kernel infinite loop in SCSI disk driver. Install [93rz5hgf] Kernel panic in IPv6 forwarding of timewait sockets. Install [3e59ivmc] Kernel hang with Xen under nested virtualization. Install [rb7w6d57] Kernel crash in Xen block-device backend driver. Install [3gbuztol] Kernel BUG during scrub of BTRFS filesystem. Install [sjsw0zz6] CVE-2015-7833: Crash in USB vision driver when malicious device is connected. Install [27ea8xs6] CVE-2016-4913: Information leak in ISO9660 filename parsing. Install [ndqo6xfi] CVE-2016-4581: Denial-of-service in slave mount propagation. Install [mfbni72l] Memory leak in virtio balloon driver during inflation and deflation. Install [vjivzetn] Kernel deadlock in Emulex 10Gbps iSCSI driver. Install [bzg4r3ye] Kernel panic on machine check exception with offline cpu. Install [yfm9dr51] Memory leak in Broadcom QLogic bnx2 driver on initialization failure. Install [2mv564et] NULL pointer dereference in Brocade Fiber Channel driver on disconnection. Install [s6fw2dpk] Kernel memory corruption in Btrfs direct IO reads and writes. Install [k7r9m5v0] Denial-of-service when accepting userspace cryptographic sockets. Install [6cysves6] Permission bypass when checking credentials for filesystem accesses. Install [xji221sd] Denial of service in Emulex LightPulse device reset. Install [4efqsldi] Heap overflow in block driver on flush. Install [c0h2rik7] CVE-2016-4997, CVE-2016-4998: Privilege escalation in the Netfilter driver. Installing [mdovvlwf] Improve the interface to freeze tasks. Installing [nhdxempm] CVE-2016-4565: Privilege escalation in Infiniband ioctl. Installing [uadmmjua] CVE-2016-2117: Information leak in Atheros ATL2 transmission. Installing [u4qw4jdx] CVE-2016-6197, CVE-2016-6198: Denial-of-service in OverlayFS on XFS. Installing [j0o0d238] CVE-2015-8660: Permission bypass on overlayfs when setting file extended attributes. Installing [in658n2y] CVE-2016-4470: Denial-of-service in the keyring subsystem. Installing [lp3b4vzo] CVE-2016-5696: Session hijacking in TCP connections. Installing [g5n10jro] CVE-2015-8785: Infinite loop when submitting invalid io vectors to FUSE filesystem. Installing [qvypln00] CVE-2016-2069: Race condition in the TLB flush logic on multi-processors. Installing [fubymn3l] CVE-2015-8787: NULL pointer dereference in Netfilter NAT redirection. Installing [29shzoeu] CVE-2016-0723: Denial-of-service in TTY TIOCGETD ioctl(). Installing [iyyf5mc3] Stack buffer overflow in the HP Smart Array SCSI driver. Installing [p9jkup8d] Denial-of-service in ALSA SNDRV_SEQ_IOCTL_REMOVE_EVENTS ioctl(). Installing [5trmadhz] Use-after-free in ALSA sequencer timers. Installing [0kemd3n0] Privilege escalation in ALSA compatibility ioctl(). Installing [g5kga5kw] Denial-of-service in ALSA timer management. Installing [kghekfwi] Denial-of-service in ALSA TLV controls. Installing [y1fivdl9] Use-after-free in Intel audio device removal. Installing [wf4987ap] Use-after-free when taking a reference on an IPv6 label. Installing [pmxhuk5h] Denial-of-service in IPv6 stable_secret sysctl writing. Installing [6cng3h9y] Denial-of-service in SCTP protocol under memory pressure. Installing [9j8uda3z] Denial-of-service in Connector callback implementation. Installing [fizhyy51] Privilege escalation in network bridge startup. Installing [0sdd9nt0] Use-after-free in network destination cache removal. Installing [015zv6zt] Out-of-bounds access in SCTP cookie_hmac_alg sysctl writing. Installing [o1sqdmgn] Use-after-free in IPv6 SYNACK retransmission. Installing [czz300rq] Denial-of-service in SO_NO_CHECK sockets. Installing [7al0itnm] NULL pointer dereference in PhoNet packet reception. Installing [chhvzpr5] CVE-2016-2383: Undefined behaviour in Berkeley Packet Filter constant shifts. Installing [sfg3qe62] Denial-of-service in ISDN PPP device opening. Installing [vecx9mji] CVE-2015-7799: Denial-of-service in PPP compression slot parameters. Installing [ywge2v76] Information leak in HID core when connecting device. Installing [h1fzcvjn] Denial of service in Topro USB Camera ioctl. Installing [rk5fbc49] Memory leak in Realtek USB Wireless adapter when receiving malformed frames. Installing [v1j86ako] Privilege escalation in overlayfs extended attributes. Installing [2svmlu1o] Kernel panic when removing directory from overlay filesystem. Installing [kxuwfxw5] Memory leak when requeuing priority inversion futex. Installing [0l6ygvrj] Denial-of-service when parsing UDF indirect extents. Installing [izqgc784] Denial-of-service in block cache driver on device removal. Installing [4dojfzjt] Memory corruption when processing multibyte unicode filenames on UDF. Installing [7r0srh9n] Denial-of-service in BTRFS device array reading. Installing [nnx4ymjw] Memory corruption in Nouveau driver during connector hotplug. Installing [lytrplwr] Use-after-free in virtio balloon driver during compaction. Installing [l8dzuqb4] Information leak when reading directory entries on CIFS mount. Installing [anhwn031] Use-after-free in OCFS2 distributed lock manager. Installing [p53zywd9] Kernel panic when soft-offlining memory. Installing [we9rx462] Use-after-free when unregistering events in memory control group. Installing [tkxnuvw7] Use-after-free when failing to accept userspace cryptographic sockets. Installing [vwij25nr] Memory corruption when sending data to userspace cryptographic socket. Installing [tfadz0yc] Kernel panic when setting prctl MM values. Installing [0jvyx87q] Data loss in USB Modem driver during suspend and resume. Installing [hqqwruse] Crash in USB hub driver during device reset. Installing [p3c9p7tn] Crash in USB serial driver when malicious Treo device is connected. Installing [lcwxn667] CVE-2015-7566: Denial-of-service in USB Handspring Visor driver. Installing [rtmduzgc] Use-after-free when removing virtio PCI devices. Installing [36sz5euf] Crash in SCSI driver during power management suspend and resume. Installing [xgwvni1u] Deadlock when reading from rfkill sysfs file. Installing [nn2hvj9p] Kernel crash in userspace interface for hash algorithm when sending a message. Installing [pt45ej4e] Kernel log buffer flood in ALSA rawmidi driver. Installing [7d8frpop] Multiple kernel deadlocks in ALSA OSS emulation. Installing [cy1wkzmz] Multiple use-after-free in ALSA sequencers when closing the device. Installing [urmrrm0f] Memory corruption in ALSA rawmidi driver on concurrent read/write. Installing [j81y9jaz] Use-after-free when unloading xHCI host driver. Installing [3ic8chog] Denial-of-service in ALSA timer handling. Installing [1ag47m1z] Kernel deadlock when dumping the call stack on multiple CPUs. Installing [p66d24gh] Infinite loop when unmounting an OCFS2 filesystem using the kernel distributed lock manager. Installing [d7wae6pw] Kernel deadlock when validating a memory context. Installing [z3tqbzvk] Kernel panic when handling interrupts for SATA devices. Installing [nn8yh1r8] Kernel hang in Btrfs filesystem when using the BTRFS_IOC_INO_PATHS ioctl. Installing [trwlwuhf] Information leak in ALSA sound sub-system when parsing the HDMI EDID-Like-Data (ELD). Installing [x0wv59yr] Use-after-free in the kernel list library on concurrent hotplug events. Installing [halioyqa] Kernel panic when parsing VBT in Intel integrated graphics. Installing [5jsms2s6] Integer overflow in ext4 buffer allocation. Installing [zavamdat] Data corruption on ext4 filesystem when moving data to a donor file. Installing [35ls1brl] Memory leak in the ALSA audio driver on concurrent writes to the sequencer device. Installing [c9asia8l] Kernel crash when handling vmalloc page faults on large pages. Installing [ual35d59] Kernel deadlock in ALSA sound driver when handling pulse code modulation. Installing [v5sm9atv] Data loss in ext4 with concurrent direct IO operations. Installing [m8ktv3pc] Kernel panic when starting fastopen TCP connections. Installing [gex6ku8y] Memory leak when reading from AF_UNIX socket. Installing [jaqkvgea] Memory leak when sending IPv4 data with ancillary data. Installing [w3ucr08q] Information leak in the ATA 32 bits compat ioctl. Installing [sj71njz2] Memory leak in device mapper when requeuing requests. Installing [q720zpzm] Memory corruption when parsing numbers from NFS requests. Installing [vaqyzjze] Kernel deadlock in JFFS2 filesystem when writing. Installing [fmam69o9] Kernel panic when handling signals under Intel MPX. Installing [ggdqj0av] Kernel panic when failing to open file. Installing [4ugtzaij] Kernel panic when parsing filenames. Installing [cm5yw39p] Out of bounds memory access on reading a file from a SMB server. Installing [8ouqh5s2] Kernel hang when the function graph tracer is enabled on suspend. Installing [nejd813f] Heap overflow in the Unsorted Block Images (UBI) on volume update. Installing [0em64mbp] Kernel panic when using receive aggregation on WiFi. Installing [yyy44gmu] Possible frame injection on encrypted WiFi using Galois/Counter Mode Protocol. Installing [ul0r053a] Denial-of-service in JFFS2 when recovering a halfway failed rename. Installing [7i25yfkl] Information leak to KVM guests when the the host is using PEBS tracing. Installing [iqjcnvc9] Denial-of-service when running KVM guest with Extended Page Table disabled. Installing [el6110l4] Kernel deadlock in the USB HID stack on interrupt. Installing [be452d8p] Memory leak in btrfs superblock validation. Installing [csyikupa] Kernel panic when writing a single page to a btrfs filesystem. Installing [58tj7xii] Kernel panic when accessing symlinks on btrfs volume. Installing [dnxjh1as] Memory leak when creating hard link on btrfs volume. Installing [wt6hbic0] Use-after-free when tracing a work queueing in Btrfs filesystem. Installing [tofygh65] CVE-2015-7513: Divide-by-zero in KVM when reloading the programmable interrupt timer. Installing [erxi8kn0] Denial-of-service when updating a negatively instantiated user cryptographic key. Installing [19xdhl89] NULL pointer dereference in TTY line discipline reception. Installing [j4hdfxbf] Filesystem corruption in EXT4 extent moving. Installing [6pkvalrk] Denial-of-service in NFS server buffer decoding. Installing [etmgkfsh] Kernel crash in disk quota initialization. Installing [msycyr7w] Kernel crash in block cache device initialization. Installing [mze2l7t6] NULL pointer dereference in block cache registration failure. Installing [ubidlkf9] Journalling filesystem corruption on unmount under memory pressure. Installing [19qbp1kt] Use-after-free in FUSE filesystems with direct, asynchronous I/O. Installing [zx03u41m] CVE-2016-2186: Denial of service in Griffin PowerMate USB descriptor parsing. Installing [n6vjz8o9] CVE-2016-2184: Denial of service in ALSA USB audio descriptor parsing. Installing [hcyy40ng] Denial-of-service in NFS secinfo+readdir operations. Installing [5fc7zave] CVE-2016-2188: Denial of service in IO Warrior USB descriptor parsing. Installing [rdlmjqs1] Denial of service in generic USB interface management. Installing [7vibanga] CVE-2016-3138: Denial of service in CDC ADM USB descriptor parsing. Installing [zlsqcgw5] Denial-of-service in pipe splicing with no pages. Installing [3jde7dfg] Denial-of-service in KVM invept instruction emulation. Installing [cbx8wk7c] Denial-of-service in KVM VCPU creation. Installing [gcml7smx] Denial-of-service in coredump writing. Installing [1gdy967x] CVE-2016-2185: Denial of service in ATI/Philips USB RF remote descriptor parsing. Installing [nik5wgnt] Kernel hang in OCFS2 Distributed Lock Manager convert and recovery operations. Installing [0wk20x0r] Kernel crash in OCFS2 Distributed Lock Manager during master loss. Installing [i8dl229b] CVE-2016-3136: Denial of service in MCT Serial USB descriptor parsing. Installing [pwd2bjm4] CVE-2016-3137: Denial of service in USB Cypress M8 descriptor parsing. Installing [4ioo8hzw] Memory corruption when inserting data into associative arrays. Installing [qr9r8r5u] Use after free when disabling a USB XHCI device. Installing [7nmjtbf9] Kernel crash when remapping file pages of a removed IPC ID. Installing [xyxen72s] Use-after-free when processing switchdev events. Installing [83ojhh6s] Divide-by-zero in the ALSA RME Hammerfall audio driver. Installing [rc0xc3c4] Privilege escalation when chowning files on overlayfs mount. Installing [t1bu1des] Use-after-free in the perf subsystem on error in the perf_event_open syscall. Installing [38s4ghcb] SMAP bypass in 32bit compatibility syscall handler. Installing [xya10lbt] BTRFS filesystem xattr data corruption during fast fsync(). Installing [05qej9zi] BTRFS filesystem data corruption with no_holes and multiple truncates. Installing [ewgh3nwa] BTRFS filesystem data loss during fsync() after rename and inode creation. Installing [zogv6y7s] Multiple crashes with RDS (Reliable Datagram Sockets) over TCP. Installing [j5fknf63] NULL pointer dereference in RDS over TCP during accept(). Installing [htkan8zo] Use-after-free in Xen network device teardown. Installing [kns889dc] Heap buffer overflow in internal Xen reply queue. Installing [7uflvnij] Denial of service in BTRFS filesystem driver. Installing [rgd2u0nb] Multiple data corruption issues in BTRFS filesystem driver. Installing [56dpbu10] Kernel crash in HP Smart Array SAS Controller driver. Installing [6q4o006n] Kernel infinite loop in SCSI disk driver. Installing [93rz5hgf] Kernel panic in IPv6 forwarding of timewait sockets. Installing [3e59ivmc] Kernel hang with Xen under nested virtualization. Installing [rb7w6d57] Kernel crash in Xen block-device backend driver. Installing [3gbuztol] Kernel BUG during scrub of BTRFS filesystem. Installing [sjsw0zz6] CVE-2015-7833: Crash in USB vision driver when malicious device is connected. Installing [27ea8xs6] CVE-2016-4913: Information leak in ISO9660 filename parsing. Installing [ndqo6xfi] CVE-2016-4581: Denial-of-service in slave mount propagation. Installing [mfbni72l] Memory leak in virtio balloon driver during inflation and deflation. Installing [vjivzetn] Kernel deadlock in Emulex 10Gbps iSCSI driver. Installing [bzg4r3ye] Kernel panic on machine check exception with offline cpu. Installing [yfm9dr51] Memory leak in Broadcom QLogic bnx2 driver on initialization failure. Installing [2mv564et] NULL pointer dereference in Brocade Fiber Channel driver on disconnection. Installing [s6fw2dpk] Kernel memory corruption in Btrfs direct IO reads and writes. Installing [k7r9m5v0] Denial-of-service when accepting userspace cryptographic sockets. Installing [6cysves6] Permission bypass when checking credentials for filesystem accesses. Installing [xji221sd] Denial of service in Emulex LightPulse device reset. Installing [4efqsldi] Heap overflow in block driver on flush. Installing [c0h2rik7] CVE-2016-4997, CVE-2016-4998: Privilege escalation in the Netfilter driver. Your kernel is fully up to date. Effective kernel version is 4.1.12-61.1.10.el6uek [root@ovm ~]# [root@ovm ~]# uptrack-upgrade –n Nothing to be done. Your kernel is fully up to date. Effective kernel version is 4.1.12-61.1.10.el6uek [root@ovm ~]#查看配置文件/etc/uptrack/uptrack.conf
[root@ovm ~]# ls -l /etc/uptrack/uptrack.conf -rw-r-----. 1 root adm 2400 Oct 5 11:25 /etc/uptrack/uptrack.conf [root@ovm ~]# egrep 'accesskey|autoinstall' /etc/uptrack/uptrack.conf accesskey = 5cb81cb0359f6c3dcf0a9d10bfee7550a46ed4860368d615913cf30c5ef6d868 # Please note that enabling autoinstall does not mean the Uptrack autoinstall = no [root@ovm ~]# egrep 'accesskey|autoinstall|on_reboot' /etc/uptrack/uptrack.conf|grep -v ^# accesskey = 5cb81cb0359f6c3dcf0a9d10bfee7550a46ed4860368d615913cf30c5ef6d868 #授权的key install_on_reboot = yes #是否在reboot时候安装更新 autoinstall = no #是否自动安装更新 [root@ovm ~]#查看版本
[root@ovm ~]# uname -r 4.1.12-37.4.1.el6uek.x86_64 [root@ovm ~]# uptrack-uname -r 4.1.12-61.1.10.el6uek.x86_64 [root@ovm ~]#注意:ksplice更新的是当前运行的内存内核,而uname所查看的是磁盘文件中记录的版本
从内核中移除更新
# uptrack-remove --all
Reference
http://docs.oracle.com/cd/E52668_01/E39380/html/ol_instyum_ksplice.htmlhttp://ksplice.oracle.com/uptrack/guide
http://ksplice.oracle.com/legacy#installing-uptrack
http://baike.baidu.com/view/8133328.htm
http://www.ibm.com/developerworks/cn/aix/library/au-spunix_ksplice/