Manual upgrading for security is unnecessary and probably harmful.

To see why this is, you must understand how Debian deals with packaging, versions, and security issues. Because Debian values stability over changes, the policy is to freeze the software versions in the packages of a stable release. This means that for a stable release very little changes, and once things work they should continue working for a long time.

But what if a serious bug or security issue is discovered after release of a Debian stable version? These are fixed in the software version provided with Debian stable. So if Debian stable ships with Apache 2.4.10, and a security issue is found and fixed in 2.4.26, Debian will take this security fix, apply it to 2.4.10, and distribute the fixed 2.4.10 to its users. This minimizes disruptions from version upgrades, but it makes version sniffing such as Tenable does meaningless. Serious bugs are collected and fixed in point releases (the. Security fixes are fixed immediately and provided through an update channel.

In general, as long as you run a supported Debian version, stick to stock Debian packages, and stay up to date on their security updates, you should be good.

To check if Debian stable is vulnerable for your issues, Tenable's "2.4.x < 2.4.27 multiple issues" is useless. We need to know exactly which security issues they are talking about. Luckily, every significant vulnerability is assigned a Common Vulnerabilities and Exposures (CVE) identifier, so we can talk easily about specific vulnerabilities.

For example, on this page for Tenable issue 101788 we can see that that issue is about vulnerabilities CVE-2017-9788 and CVE-2017-9789. We can search for these vulnerabilities on the Debian security tracker. If we do that, we can see that CVE-2017-9788 has the status "fixed" in or before version 2.4.10-10+deb8u11. So if you're on version 2.4.10-10+deb8u11, you should be safe from all these vulnerabilities! You can check this with dpkg -l apache2 (ensure your terminal is wide enough to show the full version number).

So, how do you ensure you're up to date with these security updates?

First, you need to have the security repository in your /etc/apt/sources.list or /etc/apt//*, something like this: deb jessie/updates main

This is a normal part of any installation; you should not have to do anything special.

Next, you must ensure that you install updated packages. This is your responsibility; it is not done automatically. A simple but tedious way is to log in regularly and run # apt-get update

Judging from the fact that you report your Debian version as 8.8 (we're at 8.9) and the. from your post, you might want to do this soon.

Another option is ensuring your server can send you emails, and installing a package like apticron, which emails you when packages on your system need updating.

To be notified of security updates, I highly recommend subscribing to the Debian security announcements mailing list.
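As an added example (not part of the original post), here is the check described above in Python: it pulls the version out of a constructed `dpkg -l apache2` line and compares it with the tracker's "fixed" version using dpkg's own ordering rules, so 2.4.10-10+deb8u11 counts as fixed even though naive "2.4.x < 2.4.27" sniffing would flag it. The sample output line and all function names are assumptions.

```python
import re

DPKG_L_SAMPLE = "ii  apache2   2.4.10-10+deb8u11  amd64  Apache HTTP Server\n"  # constructed sample

def installed_version(dpkg_l_output, package):
    """Version column of an installed ('ii') package in dpkg -l output, else None."""
    for line in dpkg_l_output.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "ii" and f[1] == package:
            return f[2]
    return None

def _order(c):
    # dpkg ordering: '~' sorts before anything, even end of string (0); letters before other non-digits
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_fragment(a, b):
    """Compare an upstream or revision string the way dpkg's verrevcmp() does."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for i in range(max(len(na), len(nb))):
            oa = _order(na[i]) if i < len(na) else 0
            ob = _order(nb[i]) if i < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        ia, ib = int(da or 0), int(db or 0)  # numeric, so deb8u9 < deb8u11
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    """Split 'epoch:upstream-revision'; a missing epoch or revision counts as 0."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "0")

def compare_versions(v1, v2):
    """-1, 0 or 1 like `dpkg --compare-versions`: epoch first, then upstream, then revision."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)

def is_fixed(installed, fixed_in):
    """True when the installed Debian version is at or past the tracker's 'fixed' version."""
    return compare_versions(installed, fixed_in) >= 0
```

On a real host, `dpkg-query -W -f='${Version}' apache2` prints the full version regardless of terminal width, which avoids the truncation the post warns about.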