Hi Paul, Thanks for the tips, I think the links you sent me and aptitude fixed my problem. I have one more question: checkrestart lists the processes that need to be restarted so I can do that without a reboot but, except a kernel upgrade, are there any other cases when a reboot is still required so that the kernel uses the new versions? For example with eglibc I restarted the affected services. Do I still have to reboot?
2015-01-28 10:59 GMT+02:00 Paul Wise <[email protected]>: > On Wed, Jan 28, 2015 at 4:06 PM, Tiberiu Popescu wrote: > > > Yesterday a security upgrade for eglibc was announced and my question is > how > > do you find if this applies to your server or not and for which packages > > (it's just an example, could be something else then eglibc)? > > Every Debian machine uses eglibc/glibc so this applies to every server > running Debian in some way. > > To find out if Debian is affected by a particular security issue and > if it is fixed, look up the CVE on the security tracker: > > https://security-tracker.debian.org/tracker/CVE-2015-0235 > > To find out if a particular source package is affected by any security > issues, look up the package in the security tracker: > > https://security-tracker.debian.org/tracker/source-package/eglibc > > To get advanced warning of security issues on your system before they > are fixed, install the debsecan package. It has a whitelist function > for issues that only affect some usage situations. > > > Searching the list of installed packages for the exact name returns > nothing. > > Searching by a simpler name like libc returns this: > > eglibc/glibc are source package names, not binary package names. A > quick way of getting the installed binary packages for a particular > source package is to use aptitude or visit the packages website: > > aptitude search '~i?source-package(^eglibc$)' > https://packages.debian.org/src:eglibc > > > receiving tens of emails regarding a certain security upgrade is > something I would avoid. > > You could just subscribe to debian-security-announce: > > https://lists.debian.org/debian-security-announce/ > > You could install and configure the unattended-upgrades package > instead of using apticron. Please note that you still need to do > reboots after Linux kernel updates and relevant restart processes > after library upgrades. You can use needrestart (jessie and later) or > checkrestart (from debian-goodies) to find out which processes to > restart. > > -- > bye, > pabs > > https://wiki.debian.org/PaulWise > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: > https://lists.debian.org/CAKTje6F=6x9k+9r3vkbapfpf6cupphofqvf_hsm23tnn_7h...@mail.gmail.com > > -- Tiberiu
