LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 01-11-2008, 10:54 PM   #1
aquaboot
Member
 
Registered: May 2005
Location: Berkeley, CA.
Distribution: debain freebsd
Posts: 465

Rep: Reputation: 31
Debian Security Updates


Hi All,

I'm on the debian secure-testing-announce mailing list and get emails periodically of new security updates ready for download and install. I'm not sure they're installing though. For example, I received an email tonight saying the following are available:

apache2 2.2.6-3:
CVE-2007-6203: http://cve.mitre.org/cgi-bin/cvename...=CVE-2007-6203

wordpress 2.3.2-1:
<no CVE yet> : wordpress information leak
http://bugs.debian.org/459305

I follow their instructions:

How to update:
--------------
Make sure the line

deb http://security.debian.org lenny/updates main contrib non-free

is present in your /etc/apt/sources.list. Of course, you also need the line
pointing to your normal lenny mirror. You can use

aptitude update && aptitude dist-upgrade

to install the updates.

Here is my /etc/apt/sources.list:

# deb cdrom:[Debian GNU/Linux testing _Lenny_ - Official Snapshot i386 NETINST Binary-1 20070427-09:06]/ lenny contrib main

deb cdrom:[Debian GNU/Linux testing _Lenny_ - Official Snapshot i386 NETINST Binary-1 20070427-09:06]/ lenny contrib main

deb http://ftp.is.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.is.debian.org/debian/ lenny main contrib non-free


#Debian securiy databases
deb http://security.debian.org lenny/updates main contrib non-free
deb-src http://security.debian.org lenny/updates main contrib non-free



I do an aptitude update and then an aptitude dist-upgrade as instructed and aptitude reports no packages available for download:

Building tag database... Done
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.


This is frustrating, especially since these are security updates. Any help is much appreciated.

Thanks,

ab

Last edited by aquaboot; 01-11-2008 at 10:56 PM.
 
Old 01-11-2008, 11:14 PM   #2
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
can check the installed version using apt-cache policy

Code:
default@debianetch:~$ apt-cache policy apache2
apache2:
  Installed: 2.2.3-4+etch3
  Candidate: 2.2.3-4+etch3
  Version table:
 *** 2.2.3-4+etch3 0
        500 http://ftp.uwsg.indiana.edu etch/main Packages
        100 /var/lib/dpkg/status

default@debianetch:~$ apt-cache policy mount
mount:
  Installed: 2.12r-19etch1
  Candidate: 2.12r-19etch1
  Version table:
 *** 2.12r-19etch1 0
        500 http://security.debian.org etch/updates/main Packages
        100 /var/lib/dpkg/status
     2.12r-19 0
        500 http://ftp.uwsg.indiana.edu etch/main Packages
it will show you what versions are available, from which repositories in your list, and which one is currently installed.

Since there are multiple security servers, theres a small possibility the update has not replicated out to all of them yet...
 
Old 01-11-2008, 11:53 PM   #3
aquaboot
Member
 
Registered: May 2005
Location: Berkeley, CA.
Distribution: debain freebsd
Posts: 465

Original Poster
Rep: Reputation: 31
Thanks for the reply farslayer and nifty trick. I ran apt-cache policy for the two packages in question and if I'm reading the output correctly, neither is installed. I guess that's why they didn't get the security updates:

aquamarine:~# man apt-cache
aquamarine:~# apt-cache policy apache2
apache2:
Installed: (none)
Candidate: 2.2.6-2
Version table:
2.2.6-2 0
500 http://ftp.is.debian.org lenny/main Packages
aquamarine:~# apt-cache policy wordpress
wordpress:
Installed: (none)
Candidate: 2.3.1-1
Version table:
2.3.1-1 0
500 http://ftp.is.debian.org lenny/main Packages

-ab
 
Old 01-12-2008, 06:51 AM   #4
Telemachos
Member
 
Registered: May 2007
Distribution: Debian
Posts: 754

Rep: Reputation: 59
Not every package is installed on your system, and for all the obvious reasons, you only get security upgrades for the programs you have. Since you use Aptitude, I will mention that you can use it to check the status of packages as well. If you try "aptitude search apache2 wordpress", Aptitude will search for packages with those exact phrases in their name. (You can do much more complicated and subtle searches, but in this case you knew the names, so why not be straightforward.) It will then print out a list of some basic information about what it finds, one line per package. If the package is installed you will see an "i" at the far left. See "man aptitude" for more details. It looks like this:
Code:
telemachus ~ $ aptitude search wordpress aptitude
i   aptitude                        - terminal-based package manager            
p   aptitude-dbg                    - Debug symbols for the aptitude package man
v   aptitude-doc                    -                                           
p   aptitude-doc-cs                 - Czech manual for aptitude, a terminal-base
i   aptitude-doc-en                 - English manual for aptitude, a terminal-ba
p   aptitude-doc-fi                 - Finnish manual for aptitude, a terminal-ba
p   aptitude-doc-fr                 - French manual for aptitude, a terminal-bas
p   aptitude-doc-ja                 - Japanese manual for aptitude, a terminal-b
p   wordpress                       - an award winning weblog manager
 
Old 01-12-2008, 01:05 PM   #5
aquaboot
Member
 
Registered: May 2005
Location: Berkeley, CA.
Distribution: debain freebsd
Posts: 465

Original Poster
Rep: Reputation: 31
Thanks for the additional info. This seems extremely useful.

Cheers,

ab
 
Old 01-12-2008, 04:27 PM   #6
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
I use aptitude as well for package management. Unfortunately I haven't found an equivalent of the apt-cache policy command using aptitude that shows the installed versions, and which repositories they came from.

It is always a good idea to be very familiar with the package manager you are using. I would recommend reading the aptitude reference guide you will then be familiar with things like that first character on each line of the aptitude search output and what those characters mean.

Code:
i	-	the package is installed and all its dependencies are satisfied.
c	-	the package was removed, but its configuration files are still present.
p	-	the package and all its configuration files were removed, or the package was never installed.
v	-	the package is virtual.
B	-	the package has broken dependencies.
u	-	the package has been unpacked but not configured.
C	-	half-configured: the package's configuration was interrupted.
H	-	half-installed: the package's installation was interrupted.
Enjoy your Debian experience !!
 
Old 01-12-2008, 07:47 PM   #7
aquaboot
Member
 
Registered: May 2005
Location: Berkeley, CA.
Distribution: debain freebsd
Posts: 465

Original Poster
Rep: Reputation: 31
Yes, good advice. I'll take a look at the info. Thanks again both of you for the tips.

Sincerely,

ab
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Whats the security updates now for the sources.list for etch/Debian? steelheat Linux - Newbie 7 12-15-2007 06:45 PM
security updates for 10.2? l33t_c0w Slackware 4 02-15-2007 10:32 PM
Security Updates the trooper Suse/Novell 2 11-16-2006 06:17 AM
Security updates for debian bigeeguy Linux - Newbie 1 04-05-2004 12:11 PM
security updates Tigger Linux - Security 1 09-16-2003 09:38 PM


All times are GMT -5. The time now is 05:24 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration