[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: determining which patches to apply...

On Fri, Mar 21, 2003 at 07:19:35PM -0000, David Ramsden wrote:
> ----- Original Message -----
> From: "Jeremy Choy" <jchoy@manlab.com>
> To: "debian security lists" <debian-security@lists.debian.org>
> Sent: Friday, March 21, 2003 6:42 PM
> Subject: determining which patches to apply...
> 
> 
> > first off, is there a way to check what's installed/running for packages
> > besides ps aux ( so I can check if the vulnerability will affect my
> > machines )
> 
> I'd also like to know this one.
> Something related to apt-cache possibly? I've yet to properly look through
> the man page for apt-cache.

How about:  dpkg -l libc6

> >
> > and how do I know which 'fix' I should apply? I'm generally good, when
> it's
> > something like apache, php, mysql as I know I have it installed. But for
> > things like vulnerabilities in glibc. (or other library's) how do you tell
> > if you have it or not?
> >
> [snip]
> 
> This is the beauty of apt-get - It'll take care of everything for you.
> Here is what I suggest...
> Make sure you have the following in /etc/apt/source.list:
> deb http://security.debian.org/ stable/updates main

The original poster indicated that they were running potato.  They should
put the following line in /etc/apt/sources.list:

deb http://security.debian.org/debian-security oldstable/updates main contrib non-free

Note that security updates for potato are scheduled to end (June?).

> Now all you need to do is:
> apt-get update
> apt-get upgrade
> 
> This will go off to all the sources in /etc/apt/sources.list and get the
> latest package descriptions versions etc. so your machine knows what's the
> latest version of packages (this is what apt-get update does).
> Secondly, it'll compare what you currently have installed (application, core
> files etc.) to what the latest versions are. If there are newer versions
> availble from Debian, it'll go off and download these.
> 
> The important apt source is the security one - This is were Debian release
> security fixes for packages.
> 
> What I do for all my machines is have a shell script, placed in
> /etc/cron.daily that contains the following:
> #!/bin/sh
> apt-get update
> apt-get --simulate --assume-yes upgrade
> apt-get autoclean
> 
> Every day, this will simulate an upgrade of your packages with the latest.
> You can see what will be installed, what will be upgraded, if it'll work
> etc. etc.
> 
> HTH. Regards,
> David.
> --
> David Ramsden
> http://portal.hexstream.eu.org/
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: