This page has instructions for keeping your Linux computer up-to-date with security updates and patches. The mechanisms differ for each distribution.


On the desktop, you'll be notified if you need to install any patches. For the server, enable this line in /etc/apt/sources.list:

deb-src dapper-security main restricted

Then run apt-get update; apt-get dist-upgrade to update.


Fedora comes with a utility called 'yum'. Red Hat provides a frontend to this called up2date (this used to be the Red Hat network front end). However, if you have a Fedora Core 1 install, up2date is broken as Red Hat signed packages with a key that has now expired. Run

 yum update

to download all the package headers (slow the first time) and all the updates packages (also slow the first time.)

It is worth reading the FAQ at Fedora FAQ as this can make updates faster and give you some help.


From the Mandriva Control Center, there is a GUI to check for and install updates. If you prefer the command line, urpmi is a powerful tool for keeping your system up to date.


If you're running Stable, add the following line to your AptSourcesList:

 deb stable/updates main contrib non-free

Then, every once in a while do an:

aptitude update
aptitude dist-upgrade

This will pull the latest security updates from Debian's server. Security packages are stable packages with only the fixes for security vulnerabilities applied. It's normally safe to install updates on a schedule with a script if you're using only - packages in security are very reliable.

If you want to be kept informed about Debian security updates, check out

If you're running Testing, you're out of luck. Wait 10 days for the security-fixed-in-unstable patch to filter down to you. If you're running Unstable, security fixes should be quickly integrated into your regular flood of updates.


 emerge -U world

will update all packages - but these are functionality updates as well as security updates, so is generaly not advised. Instead, run "emerge --sync" then "glsa-check --fix all". You should also check for documentation on dispatch.conf.


Knoppix is designed to boot of a read-only media such as a CDROM and no security patches are issued. It's important to check that you're using a copy of the most recent version of Knoppix if you are using it for non-trivial tasks.