Oracle Ksplice for Zero-Downtime Updates

Use Oracle Ksplice to apply critical security patches to Linux kernels on Oracle Cloud Infrastructure instances without requiring a reboot. On Oracle Linux, Ksplice also updates the glibc and OpenSSL user space libraries, applying critical security patches without disrupting workloads.

What does Ksplice update?

The kernel with critical security patches
glibc and OpenSSL user space libraries with critical security patches (Oracle Linux only)

Do I need to continue regular maintenance updates?

Yes, continue to apply updates to your entire system at regular intervals based on your organization's best practices.

Ksplice updates occur in-memory, effectively making the change immediate without a reboot. This is different than a traditional kernel update, which requires a reboot to update the system. Ksplice applies critical security patches, but there are other errata updates and bug fixes you should apply at regular intervals. See Maintaining the System for more information.

Using Oracle Ksplice

For complete documentation, see the Oracle Linux: Ksplice User's Guide.

Note

Some information sources reference Ksplice Uptrack clients and the uptrack command. You can optionally use the ksplice command in place of the uptrack command to manage kernel updates and patches. For exploit detection and userspace updates, consider using the Enhanced Client instead.

Installing Ksplice

Do I need to install Ksplice?

Oracle Linux platform instances on Oracle Cloud Infrastructure have Ksplice already installed (unless created before August 25, 2017).

You only need to install Ksplice if using:

Oracle Linux platform images created before August 25, 2017
Your own Oracle Linux image (BYOI)
Supported third-party Linux distributions (Ubuntu)

Note

Oracle no longer maintains Ksplice patches for RHEL kernels. If the instance is running RHEL, you must switch to RHCK to use Ksplice kernel patches. See Kernels Actively Maintained with Ksplice.

Do I need to register with ULN?

You don't need to register through ULN to use Ksplice on Oracle Cloud Infrastructure. Systems running on Oracle Cloud Infrastructure have automatic access to the Ksplice servers and all Ksplice updates.

How to install Ksplice:

Verify the kernel version is supported. See Which Kernels are Actively Maintained with Ksplice?.
Connect to your Linux instance using Secure Shell (SSH). See Accessing an Instance for more information.

Download the Ksplice installer for Oracle Cloud Infrastructure.

sudo wget -N https://www.ksplice.com/uptrack/install-uptrack-oc

After the script downloads, install Ksplice:

To enable the automatic installation of updates:
```
sudo sh install-uptrack-oc --autoinstall
```
If you don't want Ksplice to automatically install updates, run the script without the command line switch:
```
sudo sh install-uptrack-oc
```
To apply the latest Ksplice updates, see Running Ksplice.

Enabling Automatic Oracle Ksplice Updates

Oracle recommends configuring automatic Ksplice updates whenever possible.

For Oracle Autonomous Linux Instances

No additional configuration is required. Ksplice is already installed and configured by default to run automatic updates.

For Other Linux Instances

Set the value of autoinstall to yes in /etc/uptrack/uptrack.conf.

Running Ksplice

To install available updates, use the ksplice upgrade command with the -y option. For example:

sudo ksplice -y all upgrade

If you have enabled automatic Ksplice updates, you don't need to run the upgrade command as this action is performed regularly and automatically for you. See Enabling Automatic Oracle Ksplice Updates for more information.

Getting Help with Ksplice

For comprehensive information about Ksplice, refer to the manual:

man ksplice

For more summarized help information, use:

ksplice --help

See Using Oracle Ksplice in Oracle Linux for a hands-on tutorial on using Ksplice.

Viewing Current Patch Information

To display the updates and patches that Ksplice has applied to the system:

sudo ksplice all show

The output includes the effective kernel version. If no patches had been applied, then the kernel version would match the output of the uname -r command.

You can limit the output to display only the updates to specific subsystems. To display the effective kernel version:

sudo ksplice kernel show

Managing Ksplice Updates Using OS Management Hub

OS Management Hub offers the convenience of managing and configuring Ksplice updates for managed instances whether you’re running Oracle Autonomous Linux or Oracle Linux. For more information, see Oracle Linux Package Management.

Which Kernels are Actively Maintained with Ksplice?

Only specific kernels are actively maintained by Ksplice on Oracle Cloud Infrastructure.

For questions about supported kernels, send an email to ksplice-support_ww@oracle.com.

Kernels Actively Maintained with Ksplice


Actively Maintained Kernel Type	Additional Information
UEK R7 (aarch64) starting with `5.15.0-0.30.19` (released Jun 30, 2022).
UEK R7 (x86_64) starting with `5.15.0-0.30.19` (released Jun 30, 2022).
UEK R6 (aarch64) starting with `5.4.17-2011.0.7` (released Mar 17, 2020).
UEK R6 (x86_64) starting with `5.4.17-2011.1.2` (released Apr 27, 2020).
UEK R5 (aarch64) starting with `4.14.35-1902.300.11` (released Mar 18, 2020).
UEK R5 (x86_64) starting with `4.14.35-1818.0.9` (released Jun 20, 2018).
UEK R4 starting with `4.1.12-32` (released Jan 25, 2016).	Must be version `v4.1.12-124.45.6` or later to be actively maintained with Ksplice on Oracle Linux 6. See Kernels No Longer Actively Maintained With Ksplice.
Oracle Linux 9 Red Hat Compatible Kernels (RHCK) starting with the official release.
Oracle Linux 8 Red Hat Compatible Kernels (RHCK) starting with the official release.
Oracle Linux 7 Red Hat Compatible Kernels (RHCK) starting with the official release.
Oracle Linux 6 Red Hat Compatible Kernels (RHCK) starting with the official release.	Must be version `2.6.32-754.35.1` or later to be actively maintained with Ksplice on Oracle Linux 6. See Kernels No Longer Actively Maintained With Ksplice.
Ubuntu 24.04 Noble kernels and Hardware Enablement (HWE) kernels, starting with the official release.	Kernels include `6.8` versions.
Ubuntu 22.04 Jammy kernels, starting with the official release.	Kernels include `5.15` and `6.8` versions.

Kernels No Longer Actively Maintained With Ksplice

The following kernels don't receive Ksplice updates, but any Ksplice updates previously issued are still available.

To maintain any of the following kernels on a listed Linux distribution, you need to manually upgrade them by using the yum update or dnf update command, or in the case of Ubuntu, by using the apt command. Kernel updates that don't use Ksplice require system reboots to be effective.

If you're running any of these kernel types on either Oracle Linux 6 or Oracle Linux 7, update to the minimum version of UEK R4.


Kernel Type	Kernel Version	Releases No Longer Actively Maintained
UEK R4	Versions earlier than `v4.1.12-124.45.6`	Oracle Linux 6
UEK R3	All Versions	Oracle Linux 6 Oracle Linux 7
UEK R2	All versions	Oracle Linux 6
RHCK	Versions earlier than `2.6.32-754.35.1`	Oracle Linux 6
Kernels shipped with RHEL 9.	All versions	RHEL 9
CentOS and RHEL 8 kernels.	All versions	RHEL or CentOS Linux 8
CentOS and RHEL 7 kernels.	All versions	RHEL or CentOS Linux 7
Kernels shipped in RHEL/CentOS Linux 6	All versions	RHEL or CentOS Linux 6
Kernels shipped in Ubuntu 20.04 LTS	All versions	Ubuntu 20.04 LTS (Focal Fossa)
Kernels shipped in Ubuntu 18.04 LTS.	All versions	Ubuntu 18.04 LTS (Bionic Beaver)
Kernels shipped in Ubuntu 16.04 LTS	All versions	Ubuntu 16.04 LTS (Xenial Xerus)

More Information

For complete Oracle Ksplice documentation, see the Oracle Linux: Ksplice User's Guide.
You can also find more information at:
- Oracle Ksplice
- Ksplice Overview

Oracle Cloud Infrastructure Documentation