Update Shared Libraries without Reboots with KernelCare+
Sign up for 
To operate servers securely, it’s not enough to patch their Linux kernels. Their shared software libraries must be patched as well. Otherwise, an enterprise lays itself open to attacks that exploit vulnerabilities such as Heartbleed or GHOST.
The usual way that enterprises deal with library vulnerabilities is by rebooting their servers. Admins rarely know exact libraries that services were using, so they just reboot the whole server to update them all. These reboots, however, bring serious problems:
1. Server downtime: When servers are down, websites go down, and display only error messages to visitors. After rebooting, it can take some time for server performance to stabilize, and occasionally servers don’t come back up properly after a reboot.
2. Windows of vulnerability: Because rebooting is laborious and problematic, enterprises often only do it on a periodically scheduled basis, leaving their servers open to attack. Even if they reboot every 30 days to comply with security standards, their servers may be vulnerable for two weeks or more.
In case servers have been patched manually, without a reboot, shared libraries may still contain vulnerabilities. When libraries are updated on disk, old unpatched files can persist in a server’s memory. Also, vulnerability scanners don’t detect these old unpatched library files in memory.
KernelCare+ patches shared libraries without rebooting. The package includes:
Linux kernel patching;glibc patching;OpenSSL patching;Puppet, Ansible, Chef integrations and deployment assistance;Nessus, Qualys, and Rapid7 integrations and reporting setup assistance;ePortal for enterprises who require a private patch server inside their secured environment;Premium Support 24/7 with LiveChat.
