3.11.1 Configuring Update and Patch Management

Effective security practice relies on keeping system software up to date. It is therefore essential to apply system security updates as soon as they are published. It is strongly recommended that you register every IT system with an update management infrastructure. For Oracle Linux systems, the Unbreakable Linux Network (ULN) tracks system software release levels, and advises you as soon as critical updates become available. Updates and errata are also available at no charge from the Oracle Linux yum server.

Updating the kernel or core system libraries typically requires a system reboot. In mission-critical enterprise and cloud environments, crucial updates might not get installed until you reboot the systems during a scheduled maintenance window. As a result, systems that support critical business applications could be running while they are not protected from known vulnerabilities. To tackle this problem, Oracle Linux Premier Support includes access to Ksplice Uptrack, which is an innovative technology that allows administrators to apply security updates, patches, and critical bug fixes to the running kernel without requiring a reboot. Ksplice Uptrack improves the security, reliability, and availability of Oracle Linux systems by enabling zero downtime updates, helping to keep systems up to date without downtime or service disruption.

For more information about Ksplice, see https://oss.oracle.com/ksplice/docs/ksplice-quickstart.pdf.