----- Original Message ----- From: "Jeremy Choy" <[EMAIL PROTECTED]> To: "debian security lists" <[email protected]> Sent: Friday, March 21, 2003 6:42 PM Subject: determining which patches to apply...
> first off, is there a way to check what's installed/running for packages > besides ps aux ( so I can check if the vulnerability will affect my > machines ) I'd also like to know this one. Something related to apt-cache possibly? I've yet to properly look through the man page for apt-cache. > > and how do I know which 'fix' I should apply? I'm generally good, when it's > something like apache, php, mysql as I know I have it installed. But for > things like vulnerabilities in glibc. (or other library's) how do you tell > if you have it or not? > [snip] This is the beauty of apt-get - It'll take care of everything for you. Here is what I suggest... Make sure you have the following in /etc/apt/source.list: deb http://security.debian.org/ stable/updates main Now all you need to do is: apt-get update apt-get upgrade This will go off to all the sources in /etc/apt/sources.list and get the latest package descriptions versions etc. so your machine knows what's the latest version of packages (this is what apt-get update does). Secondly, it'll compare what you currently have installed (application, core files etc.) to what the latest versions are. If there are newer versions availble from Debian, it'll go off and download these. The important apt source is the security one - This is were Debian release security fixes for packages. What I do for all my machines is have a shell script, placed in /etc/cron.daily that contains the following: #!/bin/sh apt-get update apt-get --simulate --assume-yes upgrade apt-get autoclean Every day, this will simulate an upgrade of your packages with the latest. You can see what will be installed, what will be upgraded, if it'll work etc. etc. HTH. Regards, David. -- David Ramsden http://portal.hexstream.eu.org/
