LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page [SOLVED] Ubuntu Package Versioning Scheme Question
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-20-2014, 03:26 PM   #1
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 262

Rep: Reputation: 55
Ubuntu Package Versioning Scheme Question

So I received a vulnerability scan from my security team and I was using this website to check to see if Ubuntu had patched the CVE or not :

http://people.canonical.com/~ubuntu-security/cve/

So to use an old example, let's take CVE-2010-1452. I look up CVE-2010-1452 on that page and see what I think is an indication that it's been patched in Ubuntu 10.04 LTS:
Code:
Ubuntu 10.04 LTS (Lucid Lynx):	released (2.2.14-5ubuntu8.4)
Then I run a dpkg-query on my system to see what version of the package I have installed and I see 2.2.14-5ubuntu8.13.

I can not update apache2 any further and I assume 2.2.14-5ubuntu8.4 is newer than 2.2.14-5ubuntu8.13 so that makes me think that perhaps my package is out of date but I can't update apache2 via apt-get. So am I totally mistaken in thinking that 2.2.14-5ubuntu8.4 > 2.2.14-5ubuntu8.13 ?

Is there a better way to check to see if my Ubuntu systems (and CentOS for that matter, I use https://access.redhat.com/security/cve/ currently) have addressed a CVE vulnerability?
Last edited by YankeePride13; 06-20-2014 at 03:27 PM.
 
Old 06-21-2014, 02:16 PM   #2
cepheus11
Member
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 286

Rep: Reputation: 91
Quote:
Originally Posted by YankeePride13 View Post
I assume 2.2.14-5ubuntu8.4 is newer than 2.2.14-5ubuntu8.13
What makes you think that? 13 > 4, the other numbers are the same, so I think you have the fixed version (even a newer one)
 
Old 06-23-2014, 09:14 AM   #3
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 262

Original Poster
Rep: Reputation: 55
Quote:
Originally Posted by cepheus11 View Post
What makes you think that? 13 > 4, the other numbers are the same, so I think you have the fixed version (even a newer one)
I'd say it's a combination of it being late on a Friday and that I was working on some code that did string comparison. Please ignore this post.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] package NAMING scheme Skaperen Slackware 24 10-02-2013 04:31 PM
Package versioning and difference of MD5Sum on files ithawtewrong Linux - General 8 06-28-2011 06:20 PM
Ubuntu Package Question Recovered Linux - Newbie 6 11-02-2006 08:57 PM
kernel versioning question St.Jimmy Linux - Kernel 2 10-01-2006 05:07 PM
Question about versioning (SuSE 9) unholy Linux - Distributions 4 10-31-2003 09:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:43 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration