Re: determining which patches to apply...
----- Original Message -----
From: "Jeremy Choy" <jchoy@manlab.com>
To: "debian security lists" <debian-security@lists.debian.org>
Sent: Friday, March 21, 2003 6:42 PM
Subject: determining which patches to apply...
> first off, is there a way to check what's installed/running for packages
> besides ps aux ( so I can check if the vulnerability will affect my
> machines )
I'd also like to know this one.
Something related to apt-cache possibly? I've yet to properly look through
the man page for apt-cache.
>
> and how do I know which 'fix' I should apply? I'm generally good, when
it's
> something like apache, php, mysql as I know I have it installed. But for
> things like vulnerabilities in glibc. (or other library's) how do you tell
> if you have it or not?
>
[snip]
This is the beauty of apt-get - It'll take care of everything for you.
Here is what I suggest...
Make sure you have the following in /etc/apt/source.list:
deb http://security.debian.org/ stable/updates main
Now all you need to do is:
apt-get update
apt-get upgrade
This will go off to all the sources in /etc/apt/sources.list and get the
latest package descriptions versions etc. so your machine knows what's the
latest version of packages (this is what apt-get update does).
Secondly, it'll compare what you currently have installed (application, core
files etc.) to what the latest versions are. If there are newer versions
availble from Debian, it'll go off and download these.
The important apt source is the security one - This is were Debian release
security fixes for packages.
What I do for all my machines is have a shell script, placed in
/etc/cron.daily that contains the following:
#!/bin/sh
apt-get update
apt-get --simulate --assume-yes upgrade
apt-get autoclean
Every day, this will simulate an upgrade of your packages with the latest.
You can see what will be installed, what will be upgraded, if it'll work
etc. etc.
HTH. Regards,
David.
--
David Ramsden
http://portal.hexstream.eu.org/
Reply to: