Results 1 to 7 of 7

Thread: Update latest security patches or not?

  1. #1
    Join Date
    Jul 2012
    Beans
    18

    Question Update latest security patches or not?

    Hi everyone,

    I heard few people talking about this (vendors in specific). But I am not sure, better I ask ubuntu forum directly.

    This is quite a noob question.

    Logical wise, I should not simply update security patches (comes from Windows env) as it will break my applications running (alfresco). But if I don't patch security patches, there may be an hole on my server and be more vulnerable for attacks.

    So if you are at my scenario, what will you do?

    My concern here is that if I update a security patch, will it really break my application?

    I noticed when i login into ubuntu, it will show me ...

    XX updates
    XX security updates

    I just want to update the security updates and not the normal updates.

    I tried this:-

    apt-get update
    apt-get upgrade or apt-get dist-upgrade

    but often i believe it will install both normal and security updates.

    what should i do? Thanks.

  2. #2
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Update latest security patches or not?

    You should install all updates of the OS you use, period. If you want to have less frequent updates, then Ubuntu is not the right OS for you, and you should use something like Debian stable.
    「明後日の夕方には帰ってるからね。」


  3. #3
    Join Date
    Jun 2011
    Beans
    357

    Re: Update latest security patches or not?

    If you are concerned about your application breaking, I recommend setting up a virtual machine which has the exact same configuration, packages and application(s) installed. When updated packages ar eavailable, install them in your virtual machine. Then reboot the virtual machine and see if everything still works. If nothing broke, then download the same updates for the real server. However, if your virtual machine stops working then you know one of the updates broke something and you can look into finding a solution in your virtual environment ebfore applying updates to the main server.

    Check out VirtualBox (available in the repositories) for an easy way to set up a virtual server.

  4. #4
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,987
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Update latest security patches or not?

    I didn't see any obvious settings in the man page for apt-get or apt.conf, but a quick Google search brought me to this page. It makes the common sense suggestion of commenting out all the entries in /etc/apt/sources.list except the ones for the security repositories. Then just run apt-get upgrade each night via cron.

    You should always install security patches as soon as they are available. Other updates are optional.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  5. #5
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Update latest security patches or not?

    Quote Originally Posted by SeijiSensei View Post
    Other updates are optional.
    No, they are not. A bug can be very severe without being a security bug.
    「明後日の夕方には帰ってるからね。」


  6. #6
    Join Date
    Apr 2006
    Beans
    996
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Update latest security patches or not?

    ^ But unless the bug is actually affecting you in a noticeable way then there is no need to update.


    Quote Originally Posted by ericmachine View Post
    Hi everyone,

    I heard few people talking about this (vendors in specific). But I am not sure, better I ask ubuntu forum directly.

    This is quite a noob question.

    Logical wise, I should not simply update security patches (comes from Windows env) as it will break my applications running (alfresco). But if I don't patch security patches, there may be an hole on my server and be more vulnerable for attacks.

    So if you are at my scenario, what will you do?

    My concern here is that if I update a security patch, will it really break my application?

    I noticed when i login into ubuntu, it will show me ...

    XX updates
    XX security updates

    I just want to update the security updates and not the normal updates.

    I tried this:-

    apt-get update
    apt-get upgrade or apt-get dist-upgrade

    but often i believe it will install both normal and security updates.

    what should i do? Thanks.
    In ubuntu, they make a very relevant effort not to include anything else besides the security/bug fixes in the packages they are releasing. New features and tweaks usually are not packaged in the updates (you would need an OS upgrade or PPA to get them).

    Also, we got a "proposed" repository which some users test before allowing an update into the wild for mainstream users.

    Regressions are thus very rare. Of course, they are not impossible. In case of no confidence, set up a test version of your server (either in VM or in another computer) running the updated versions and whatever the server runs and test out if something failed before installing.
    Xye incredibly difficult puzzle game with minimal graphics. Also at playdeb
    Got a blog: Will Stay Free

  7. #7
    Join Date
    Jul 2012
    Beans
    18

    Re: Update latest security patches or not?

    Noted and thanks.

    It's good idea to have a vm setup for testing. Will let my guys know

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •