
Efficient way to keep track of security updates


Yesterday a security upgrade for eglibc was announced, and my question is: how do you find out whether this applies to your server, and for which packages (it's just an example, could be something else than eglibc)?

Searching the list of installed packages for the exact name returns nothing. Searching by a simpler name like libc returns this:

ii  klibc-utils              2.0.1-3.1
ii  libc-bin                 2.13-38+deb7u6
ii  libc-dev-bin             2.13-38+deb7u6
ii  libc6:amd64              2.13-38+deb7u6
ii  libc6-dev:amd64          2.13-38+deb7u6
ii  libcap-ng0               0.6.6-2
ii  libcap2:amd64            1:2.22-1.2
ii  libclass-isa-perl        0.36-3
ii  libcomerr2:amd64         1.42.5-1.1
ii  libconfig-inifiles-perl  2.75-1
ii  libcurl3:amd64           7.26.0-1+wheezy12
ii  libcurl3-gnutls:amd64    7.26.0-1+wheezy12
ii  libcwidget3              0.5.16-3.4
ii  libklibc                 2.0.1-3.1
ii  liblocale-gettext-perl   1.05-7+b1
ii  linux-libc-dev:amd64     3.2.65-1+deb7u1

So now I know that libc-bin, libc-dev-bin, libc6:amd64 and libc6-dev:amd64 need to be upgraded. But this list is missing locales and multiarch-support, which seem to be affected by the same security upgrade, and I found them by searching for the exact version number (2.13-38+deb7u6). Apticron is doing a great job in fixing this problem, but when you have tens of servers with different packages installed, receiving tens of emails regarding a certain security upgrade is something I would avoid. Has anyone found a solution for this?
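
Debian security advisories name the source package (here eglibc), while dpkg lists binary packages, so the reliable lookup is by each installed package's source field rather than by name or version string. The following is an added example, not part of the original post; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Map a source package named in an advisory to the installed binary packages.

# Emit "binary version source" for every fully installed package on this host.
# Uses dpkg-query's virtual fields; only packages in state "ii" are kept.
list_installed() {
    dpkg-query -W \
        -f='${db:Status-Abbrev} ${binary:Package} ${Version} ${source:Package}\n' |
        awk '$1 == "ii" { print $2, $3, $4 }'
}

# Read "binary version source" lines on stdin and print the binaries whose
# source package is exactly $1 (exact match, so "libc" does not hit "klibc").
from_source() {
    awk -v src="$1" '$3 == src { printf "%-22s %s\n", $1, $2 }'
}

# Constructed sample in list_installed format, using versions quoted in the
# post; the source names in column 3 are filled in for illustration.
sample_inventory() {
    cat <<'EOF'
libc-bin 2.13-38+deb7u6 eglibc
libc6:amd64 2.13-38+deb7u6 eglibc
locales 2.13-38+deb7u6 eglibc
multiarch-support 2.13-38+deb7u6 eglibc
klibc-utils 2.0.1-3.1 klibc
libcurl3:amd64 7.26.0-1+wheezy12 curl
linux-libc-dev:amd64 3.2.65-1+deb7u1 linux
EOF
}

# Offline demonstration on the sample. On a real host, run:
#   list_installed | from_source eglibc
sample_inventory | from_source eglibc
```

Because `list_installed` produces plain text, its output can be collected from many servers into one file and filtered once with `from_source`, instead of reading one mail per host.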

