Choosing a Ksplice Client

You have the option to choose between the Ksplice Enhanced Client and the Ksplice Uptrack Client.

Table 2-1 Features Supported by Each Ksplice Client

Ksplice Client	User Space Support	x86_64 Support	Arm (aarch64) Support	Xen Hypervisor Patching Support	Known Exploit Detection Support	Legacy Compatibility (Pre-acquisition customers)
Ksplice Enhanced Client	Supported	Supported	Supported	Supported on x86_64 platform only	Supported on x86_64 platform only	Not supported
Ksplice Uptrack Client	Not supported	Supported	Supported	Not Supported	Not supported	Supported

For legacy compatibility, Oracle continues to support kernels for various Linux distributions for pre-acquisition customers. For more information, see https://ksplice.oracle.com/legacy#supported-kernels.

About the Ksplice Enhanced Client

The Ksplice Enhanced Client provides more functionality than the Ksplice Uptrack Client.

In addition to the kernel updates that are applied by the Uptrack Client, the Enhanced Client can patch in-memory pages for the Ksplice-aware glibc and openssl shared libraries for user space processes. User space patching can install bug fixes and protect the system against security vulnerabilities without restarting processes and services.

Key features of the Enhanced Client include:

Kernel and user space updates (the Uptrack Client only supports kernel updates)
Patching of Xen hypervisor on Oracle VM Server Release 3.4.5, and later (requires minimum xen-4.4.4-196.el6.x86_64.rpm)
Known exploit detection
Online and offline mode
Use of the ksplice command

Note:

The Enhanced Client shares the same configuration file as the Uptrack Client, which is the /etc/uptrack/uptrack.conf file. For more information about this file, see Configuring the Ksplice Uptrack Client.

About the Ksplice Uptrack Client

Ksplice Uptrack can apply the latest kernel security errata for Common Vulnerabilities and Exposures (CVEs) without halting the system or restarting any applications. Ksplice Uptrack applies the updated patches in the background with negligible impact, and only requires a pause of a few milliseconds.

Key features of the Uptrack Client include:

Kernel updates (to also apply user space updates, consider the Ksplice Enhanced Client instead)
Online and offline mode
Use of the uptrack command

About Ksplice Offline Mode

You can use either the Ksplice Enhanced Client or Ksplice Uptrack Client in offline mode. The offline version doesn't require a direct connection to the Oracle Uptrack server or to ULN. For example, you could use the yum command to install an update package directly from a memory stick. However, a more typical method would be to configure a local ULN mirror that acts as a mirror for the Ksplice-aware ULN channels. Then, you can configure systems to receive yum and Ksplice updates.

Oracle bundles all available Ksplice updates for each supported kernel version or user space package into an RPM that's specific to that version. Oracle updates this package every time a new Ksplice patch becomes available for the kernel. You can download the latest Ksplice update packages to the local ULN server periodically. Then, the Ksplice server can connect to the local server to receive updates without requiring direct access to the Oracle Uptrack server.

Offline mode doesn't support:

Ksplice web interface
Ksplice Uptrack API
Patching the Xen hypervisor on Oracle VM Server

Important:

If you have booted the most recent available kernel and no Ksplice updates are available, an offline update RPM for that kernel might not yet exist. Offline update RPMs are made available shortly after the kernel releases. However, these RPMs might require more time to synchronize with the local repository that you have set up.

For more information, see: