On Wed, Jan 28, 2015 at 4:06 PM, Tiberiu Popescu wrote:

> Yesterday a security upgrade for eglibc was announced and my question is how
> do you find if this applies to your server or not and for which packages
> (it's just an example, could be something else than eglibc)?

Every Debian machine uses eglibc/glibc so this applies to every server
running Debian in some way.

To find out if Debian is affected by a particular security issue and
if it is fixed, look up the CVE on the security tracker:

https://security-tracker.debian.org/tracker/CVE-2015-0235

To find out if a particular source package is affected by any security
issues, look up the package in the security tracker:

https://security-tracker.debian.org/tracker/source-package/eglibc

To get advance warning of security issues on your system before they
are fixed, install the debsecan package. It has a whitelist function
for issues that only affect some usage situations.

> Searching the list of installed packages for the exact name returns nothing.
> Searching by a simpler name like libc returns this:

eglibc/glibc are source package names, not binary package names. A
quick way of getting the installed binary packages for a particular
source package is to use aptitude or visit the packages website:

aptitude search '~i?source-package(^eglibc$)'
https://packages.debian.org/src:eglibc

> receiving tens of emails regarding a certain security upgrade is something I
> would avoid.

You could just subscribe to debian-security-announce:

https://lists.debian.org/debian-security-announce/

You could install and configure the unattended-upgrades package
instead of using apticron. Please note that you still need to do
reboots after Linux kernel updates and restart relevant processes
after library upgrades. You can use needrestart (jessie and later) or
checkrestart (from debian-goodies) to find out which processes to
restart.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
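Added example, not part of the original message: the source-to-binary package mapping described above, done by reading the Source field of stanzas in /var/lib/dpkg/status format. The sample text is constructed (example-tool, example-src and all version strings are made up) and the function names are this example's own.

```python
# Constructed excerpt in /var/lib/dpkg/status format (versions are made up).
SAMPLE_STATUS = """\
Package: libc6
Status: install ok installed
Source: eglibc
Version: 1.0-1

Package: libc-bin
Status: install ok installed
Source: eglibc
Version: 1.0-1

Package: locales
Status: deinstall ok config-files
Source: eglibc
Version: 1.0-1

Package: example-tool
Status: install ok installed
Source: example-src (2.0-1)
Version: 2.0-1+b1

Package: aptitude
Status: install ok installed
Version: 3.0-1
"""

def parse_stanzas(text):
    """Yield a field dict for each blank-line-separated stanza."""
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            if line[:1].isspace() or ":" not in line:
                continue  # continuation of a multi-line field such as Description
            key, _, value = line.partition(":")
            fields[key] = value.strip()
        yield fields

def installed_binaries(status_text, source):
    """Return sorted (binary package, version) pairs installed from `source`."""
    hits = []
    for f in parse_stanzas(status_text):
        # Source is omitted when equal to the binary name and may carry "(version)".
        src = (f.get("Source") or f.get("Package") or "?").split()[0]
        # Only "install ok installed" counts; skip removed or config-files states.
        if src == source and f.get("Status", "").endswith(" installed"):
            hits.append((f.get("Package", "?"), f.get("Version", "")))
    return sorted(hits)
```

On a real host, pass the contents of /var/lib/dpkg/status as status_text and compare the returned versions with the fixed version shown on the security tracker page.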

