How do I Apply Debian Linux Security update?November 15, 2010 by: upa_kid
It is very easy to update Debian Linux over Internet so that you can get updated packages in stable distribution. This short article explains you how to keep up to date your Debian server/workstation along with small tips.
Step # 1 Configure Debian to get updates
You need to configure the package resource list, which is used to locate archives of the package distribution system in use on the system. You need to edit file /etc/apt/sources.list. However Debian comes with different tools to save your life (pick any one of the following to configure your system)
If you are using GUI (KDE/Gnome) use synaptic GUI package manager (/usr/sbin/synaptic) is the best choice for you. Synaptic is a frontend for the apt package managent system. Assuming that you are using Gnome Desktop > Click on Application > System Tools > Synaptic Package Manage. It will ask you to authenticate, please supply root user password. Once Synaptic is on screen, select Properties > Repositories. If you can not find URL http://security.debian.org/, then click on New button and add the information as follows:
Section: main contrib
URL can be cdrom, file, http, and ftp. This is the place where apt will search for updates and packages.
Distribution specifies our distibution type for example it can be stable, unstable or testing.
Stable distribution used on production system.
Testing is like beta distribution, mostly after some time this moves to statble distribution,
Unstable is under development distribution.
Section specifies what component you would like to get. For example main component includes most of the packages, where contrib packages are contributed by users and so on.
If you are using command line then use apt-setup command. It is an interactive program that simplifies adding sources to apt’s sources.list. It knows about all the major debian mirrors and can help you select one. On remote debian server over ssh this tool will save you. Most admin uses this option to configure/reconfigure apt source list. Login as root and type command:
Follow on screen instructions.
(A) Select http/ftp server to get updates:
(B) Select nearest mirror country wise, this is essential for speedy download:
(C) Setup proxy server, username and password. This is only required if you don’t have direct access to Internet else please press enter key:
(D) Save the configuration and exit as you don’t have any more APT configuration required:
Option III: Edit file /etc/apt/sources.list
This is the fastest way to specify list of Internet site to get updates. Login as root user and fire vi text editor:
# vi /etc/apt/sources.list
Please add following lines to it:
deb http://ftp.iitm.ac.in/debian/ testing main
deb http://security.debian.org/ testing/updates main contrib
Save the file and exit to command prompt. I’m using ftp.iitm.ac.in to get all packages. This is the nearest mirror for me. If not sure then I recommend to use apt-setup tool. This tool aware of mirror according to your country.
Step # 2: Resynchronize the package index files
It is important to this step. This enables to fetch information of updated packages. Type apt-get command as follows:
# apt-get update
Hit http://ftp.iitm.ac.in testing/main Packages
Hit http://ftp.iitm.ac.in testing/main Release
Hit http://security.debian.org testing/updates/main Packages
Hit http://security.debian.org testing/updates/main Release
Hit http://security.debian.org testing/updates/contrib Packages
Hit http://security.debian.org testing/updates/contrib Release
Reading Package Lists… Done
Step # 3: Upgrade the Debian
You got list of updated package list, naturally next logical step is to upgrade system. Just type following command.
# apt-get upgrade
Building Dependency Tree… Done
The following packages have been kept back:
apache-common base-config bind9-ho…
443 upgraded, 0 newly installed, 0 to remove and 374 not upgraded.
Need to get 249MB of archives.
After unpacking 39.8MB of additional disk space will be used.
Do you want to continue? [Y/n]
Hit enter key to get updates. Please note that this will take some time.
Following tips may give you more information.
Q. How do I find Debian package is upgradeable or not?
You must have a command called apt-show-versions installed on system. First install it:
# apt-get install apt-show-versions
Next just type apt-show-versions command to get only list of upgradeable packages :
# apt-show-versions -u | less
Or better grep it:
# apt-show-versions -u | grep “apache”
Q: How do I upgrade all packages in testing:
Well, you can use above procedure or use apt-show-versions command as follows:
# apt-get install $(apt-show-versions -u -b | fgrep testing)
Q: How do I upgrade specific packages
Very easy just type package name, for example if you wish to upgrade apache-perl package then type:
# apt-get install apache-perl
This is useful if you just wish to upgrade single package and not entire system.
For more information:
* Read man pages of apt-get(8), sources.lst(5)
* Read official Debian security information.
* Subscribe debian-security-announce mailing list. This is the first place where the security team informs the users about security problems about Debian packages.
Update 26-Sep-05, 01:27 AM:
You might experience some problem while doing upgrade, check out small update by our regular contributor on forum.Have you found this script useful? Please support author by PayPal donation.
- How To Upgrade A Debian Etch System (Server & Desktop) To Debian Lenny
- Howto Upgrade Debian 4 Etch to Debian 5.0 Lenny
- Howto upgrade Debian 3.1 Sarge to Debian 4.0 Etch stable
- Debian Linux How to find out if installed package is from stable or testing environment
- A Short Introduction To Apt-Pinning
- A Short Introduction To Apt-Pinning
- Integrating XCache Into PHP5 (Debian Etch & lighttpd)
- How To Block Spammers/Hackers With mod_defensible On Apache2 (Debian Etch)
- Enabling MSSQL for PHP5 On Debian Lenny (testing)
- How To Create A Local Debian/Ubuntu Mirror With apt-mirror