RE: determining which patches to apply...
Turns out that we are running a developers version of Oracle (8.1.7) in
which are dependant on potato's library's and if we were to run apt-get it
would break Oracle and perhaps a few other apps running.
again fairly new and trying to get my head around how exacally unix works.
if potato is no longer being supported, does that mean if there is a
vulnerability in, let's say an old library, will they update that in woody,
but not potato?
-----Original Message-----
From: John Kuhn [mailto:johnk@penguin.grdl.noaa.gov]On Behalf Of John
Kuhn
Sent: Friday, March 21, 2003 1:57 PM
To: debian-security@lists.debian.org
Subject: Re: determining which patches to apply...
On Fri, Mar 21, 2003 at 07:19:35PM -0000, David Ramsden wrote:
> ----- Original Message -----
> From: "Jeremy Choy" <jchoy@manlab.com>
> To: "debian security lists" <debian-security@lists.debian.org>
> Sent: Friday, March 21, 2003 6:42 PM
> Subject: determining which patches to apply...
>
>
> > first off, is there a way to check what's installed/running for packages
> > besides ps aux ( so I can check if the vulnerability will affect my
> > machines )
>
> I'd also like to know this one.
> Something related to apt-cache possibly? I've yet to properly look through
> the man page for apt-cache.
How about: dpkg -l libc6
> >
> > and how do I know which 'fix' I should apply? I'm generally good, when
> it's
> > something like apache, php, mysql as I know I have it installed. But for
> > things like vulnerabilities in glibc. (or other library's) how do you
tell
> > if you have it or not?
> >
> [snip]
>
> This is the beauty of apt-get - It'll take care of everything for you.
> Here is what I suggest...
> Make sure you have the following in /etc/apt/source.list:
> deb http://security.debian.org/ stable/updates main
The original poster indicated that they were running potato. They should
put the following line in /etc/apt/sources.list:
deb http://security.debian.org/debian-security oldstable/updates main
contrib non-free
Note that security updates for potato are scheduled to end (June?).
> Now all you need to do is:
> apt-get update
> apt-get upgrade
>
> This will go off to all the sources in /etc/apt/sources.list and get the
> latest package descriptions versions etc. so your machine knows what's the
> latest version of packages (this is what apt-get update does).
> Secondly, it'll compare what you currently have installed (application,
core
> files etc.) to what the latest versions are. If there are newer versions
> availble from Debian, it'll go off and download these.
>
> The important apt source is the security one - This is were Debian release
> security fixes for packages.
>
> What I do for all my machines is have a shell script, placed in
> /etc/cron.daily that contains the following:
> #!/bin/sh
> apt-get update
> apt-get --simulate --assume-yes upgrade
> apt-get autoclean
>
> Every day, this will simulate an upgrade of your packages with the latest.
> You can see what will be installed, what will be upgraded, if it'll work
> etc. etc.
>
> HTH. Regards,
> David.
> --
> David Ramsden
> http://portal.hexstream.eu.org/
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: