Penguin

This page has instructions for keeping your Linux computer up-to-date with security updates and patches. The mechanisms differ for each distribution.

Ubuntu

On the desktop, you'll be notified if you need to install any patches. For the server, enable this line in /etc/apt/sources.list:

deb-src http://security.ubuntu.com/ubuntu dapper-security main restricted

Then run apt-get update; apt-get dist-upgrade to update.

Fedora

Fedora comes with a utility called 'yum'. Red Hat provides a frontend to this called up2date (this used to be the Red Hat network front end). However, if you have a Fedora Core 1 install, up2date is broken as Red Hat signed packages with a key that has now expired. Run

 yum update

to download all the package headers (slow the first time) and all the updates packages (also slow the first time.)

It is worth reading the FAQ at Fedora FAQ as this can make updates faster and give you some help.

Mandriva

From the Mandriva Control Center, there is a GUI to check for and install updates. If you prefer the command line, urpmi is a powerful tool for keeping your system up to date.

Debian

If you're running Stable, add the following line to your AptSourcesList:

 deb http://security.debian.org stable/updates main contrib non-free

Then, every once in a while do an:

aptitude update
aptitude dist-upgrade

This will pull the latest security updates from Debian's server. Security packages are stable packages with only the fixes for security vulnerabilities applied. It's normally safe to install updates on a schedule with a script if you're using only security.debian.org - packages in security are very reliable.

If you want to be kept informed about Debian security updates, check out http://lists.debian.org/debian-security-announce/.

If you're running Testing, you're out of luck. Wait 10 days for the security-fixed-in-unstable patch to filter down to you. If you're running Unstable, security fixes should be quickly integrated into your regular flood of updates.

Gentoo

 emerge -U world

will update all packages - but these are functionality updates as well as security updates, so is generaly not advised. Instead, run "emerge --sync" then "glsa-check --fix all". You should also check gentoo.org for documentation on dispatch.conf.

Knoppix

Knoppix is designed to boot of a read-only media such as a CDROM and no security patches are issued. It's important to check that you're using a copy of the most recent version of Knoppix if you are using it for non-trivial tasks.


CategoryBeginners