
Re: Efficient way to keep track of security updates

On Wed, Jan 28, 2015 at 4:06 PM, Tiberiu Popescu wrote:

> Yesterday a security upgrade for eglibc was announced and my question is how
> do you find if this applies to your server or not and for which packages
> (it's just an example, could be something else than eglibc)?

Every Debian machine uses eglibc/glibc so this applies to every server
running Debian in some way.

To find out if Debian is affected by a particular security issue and
if it is fixed, look up the CVE on the security tracker:


To find out if a particular source package is affected by any security
issues, look up the package in the security tracker:


To get advance warning of security issues on your system before they
are fixed, install the debsecan package. It has a whitelist function
for issues that only affect some usage situations.

> Searching the list of installed packages for the exact name returns nothing.
> Searching by a simpler name like libc returns this:

eglibc/glibc are source package names, not binary package names. A
quick way of getting the installed binary packages for a particular
source package is to use aptitude or visit the packages website:

aptitude search '~i?source-package(^eglibc$)'

> receiving tens of emails regarding a certain security upgrade is something I would avoid.

You could just subscribe to debian-security-announce:


You could install and configure the unattended-upgrades package
instead of using apticron. Please note that you still need to do
reboots after Linux kernel updates and relevant restart processes
after library upgrades. You can use needrestart (jessie and later) or
checkrestart (from debian-goodies) to find out which processes to


