l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2004 Mar 05 12:29

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] debian kernel security updates
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] debian kernel security updates

Quoting Charles McLaughlin (cmclaughlin@ucdavis.edu):

> If you run Debian Woody or maybe even Testing and have your sources.list 
> setup for security updates, does "apt-get dist-upgrade" update to the 
> most recent stable kernel-image?


First thing:  Do you even have a kernel-image*.deb package installed?[1]
By default, the installer used through woody doesn't:  You get a copy of
the installer's own kernel put in your /boot directory, but it's not
registered in the package database.  (It's intended that you'd
immediately apt-get some kernel _appropriate_ to your CPU/motherboard,
but most people don't figure that out.)  This will not be the case
starting with the new installer (now in beta).

So, if you've installed, say, the "kernel-image-2.4.18-1-686-smp"
package available from the stable collection, then the Security Team
guarantees that it will keep patched upgrade versions of that package
in its apt-gettable archive, the one you track by including...

deb http://security.debian.org stable/updates main contrib non-free
...in your sources.list.  That's the Security Team's primary task --
producing packages with backported security fixes that are versioned so
as to upgrade smoothly from standard stable-branch packages already

If you're on the stable branch, but are using a kernel you acquired some
other way, from some other sort of package source, then automatic
acquisition of patched kernels in that fashion probably won't work.

If you're on the testing branch, the Security Team doesn't promise to
keep you updated, but they do publish quite a lot of security-fix
packages for that branch.  Making sure your system actually gets all the
security fixes it needs is up to you to ensure:  You should subscribe to
the security-alert mailing list, read the occasional Debian Security
Advisories (DSAs) it sends you, and take whatever corrective action
seems best for advisories relevant to your system.

[1] Do "dpkg -l | grep kernel-image".

Cheers,                                Bad Unabomber!
Rick Moen                              Blowing people all to hell.
rick@linuxmafia.com                    Do you take requests?
               --  Unabomber Haiku Contest, CyberLaw mailing list
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!