A potential security vulnerability in Linux exists. Various Linux distros release security updates and patches to mitigate the potential vulnerability. This page shows you how to apply those security patches in Linux using the command line option to keep your server or desktop secure.
ADVERTISEMENTS
How to update security patches in Linux
- Open the terminal application
- For remote Linux server use ssh: ssh user@server-name
- RHEL/CentOS/Oracle Linux user run: sudo yum update
- Debian/Ubuntu Linux user run: sudo apt update && sudo apt upgrade
- OpenSUSE/SUSE Linux user run: sudo zypper up
Let us see all commands and examples in details.
Apply security patches in a CentOS/RHEL/Oracle Linux
Type the following yum command:
sudo yum check-update ## check for updates ##
sudo yum updateinfo ## list updates available for the RHEL/CentOS ##
Sample outputs:
Last metadata expiration check: 0:01:26 ago on Tuesday 12 November 2019 08:27:52 PM UTC. Updates Information Summary: available 2 Security notice(s) 2 Important Security notice(s) 71 Bugfix notice(s) 14 Enhancement notice(s) Security: kernel-core-4.18.0-147.el8.x86_64 is an installed security update Security: kernel-core-4.18.0-80.11.2.el8_0.x86_64 is the currently running version |
Apply all those updates on RHEL 8/7 box:
sudo yum update
Since kernel security update was installed, reboot the Linux system:
sudo shutdown -r 0
A note about Fedora Linux users
Run dnf command:
sudo dnf update
Reboot the Linux box if new kernel or microcode update was installed:
sudo reboot
Debian/Ubuntu/Linux mint apply updates
Run the following apt command:
sudo apt update
List available security patches or updates:
sudo apt list --upgradable
ansible/bionic 2.9.0-1ppa~bionic all [upgradable from: 2.7.10-1ppa~bionic] apt/bionic-updates 1.6.12 amd64 [upgradable from: 1.6.10] apt-transport-https/bionic-updates 1.6.12 all [upgradable from: 1.6.10] apt-utils/bionic-updates 1.6.12 amd64 [upgradable from: 1.6.10] base-files/bionic-updates 10.1ubuntu2.7 amd64 [upgradable from: 10.1ubuntu2.4] bash/bionic-updates 4.4.18-2ubuntu1.2 amd64 [upgradable from: 4.4.18-2ubuntu1] bsdutils/bionic-updates 1:2.31.1-0.4ubuntu3.4 amd64 [upgradable from: 1:2.31.1-0.4ubuntu3.3] console-setup/bionic-updates 1.178ubuntu2.9 all [upgradable from: 1.178ubuntu2.8] console-setup-linux/bionic-updates 1.178ubuntu2.9 all [upgradable from: 1.178ubuntu2.8] debconf/bionic-updates 1.5.66ubuntu1 all [upgradable from: 1.5.66] debconf-i18n/bionic-updates 1.5.66ubuntu1 all [upgradable from: 1.5.66] dmsetup/bionic-updates 2:1.02.145-4.1ubuntu3.18.04.1 amd64 [upgradable from: 2:1.02.145-4.1ubuntu3] |
Next, apple those security patches on a Debian/Ubuntu server:
sudo apt upgrade
Sample outputs:
Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages were automatically installed and are no longer required: ieee-data python-certifi python-chardet python-jmespath python-kerberos python-libcloud python-lockfile python-netaddr python-openssl python-requests python-selinux python-simplejson python-urllib3 python-xmltodict wget Use 'apt autoremove' to remove them. The following packages will be upgraded: ansible apt apt-transport-https apt-utils base-files bash bsdutils console-setup console-setup-linux debconf debconf-i18n dmsetup dpkg dpkg-dev fdisk grep initramfs-tools initramfs-tools-bin initramfs-tools-core iputils-ping keyboard-configuration language-pack-en libapt-inst2.0 libapt-pkg5.0 libblkid1 libdevmapper1.02.1 libdns-export1100 libdpkg-perl libfdisk1 libisc-export169 libldap-2.4-2 libldap-common libmount1 libnss-systemd libpam-systemd libprocps6 libsmartcols1 libsystemd0 libudev1 libuuid1 login mount netplan.io nplan passwd procps python-apt-common python-pip-whl python3-apt python3-distutils python3-lib2to3 python3-pip python3-software-properties software-properties-common systemd systemd-sysv ubuntu-minimal udev unattended-upgrades util-linux xkb-data 61 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 24.5 MB of archives. After this operation, 26.8 MB of additional disk space will be used. Do you want to continue? [Y/n] |
Again reboot the system if Linux kernel was updated or patched for security issues:
sudo reboot
OpenSUSE or SUSE Enterprise Linux apply security patches and updates
Firsr, refresh all repos using the zypper command:
sudo zypper refresh
Sample outputs:
Repository 'SLE-Module-Basesystem15-SP1-Pool' is up to date. Repository 'SLE-Module-Basesystem15-SP1-Updates' is up to date. Repository 'SLE-Module-Containers15-SP1-Pool' is up to date. Repository 'SLE-Module-Containers15-SP1-Updates' is up to date. Repository 'SLE-Module-Desktop-Applications15-SP1-Pool' is up to date. Repository 'SLE-Module-Desktop-Applications15-SP1-Updates' is up to date. Repository 'SLE-Module-DevTools15-SP1-Pool' is up to date. Repository 'SLE-Module-DevTools15-SP1-Updates' is up to date. Repository 'SLE-Module-Legacy15-SP1-Pool' is up to date. Repository 'SLE-Module-Legacy15-SP1-Updates' is up to date. Repository 'SLE-Module-Public-Cloud15-SP1-Pool' is up to date. Repository 'SLE-Module-Public-Cloud15-SP1-Updates' is up to date. Repository 'SLE-Module-Python2-15-SP1-Pool' is up to date. Repository 'SLE-Module-Python2-15-SP1-Updates' is up to date. Repository 'SLE-Module-CAP-Tools15-SP1-Pool' is up to date. Repository 'SLE-Module-CAP-Tools15-SP1-Updates' is up to date. Repository 'SLE-Product-SLES15-SP1-Pool' is up to date. Repository 'SLE-Product-SLES15-SP1-Updates' is up to date. Repository 'SLE-Module-Server-Applications15-SP1-Pool' is up to date. Repository 'SLE-Module-Server-Applications15-SP1-Updates' is up to date. Repository 'SLE-Module-Web-Scripting15-SP1-Pool' is up to date. Repository 'SLE-Module-Web-Scripting15-SP1-Updates' is up to date. All repositories have been refreshed. |
Next, show a list of all available updates and patches on OpenSUSE or SUSE Enterprise Linux server:
zypper list-updates
Sample outputs:
Loading repository data... Reading installed packages... S | Repository | Name | Current Version | Available Version | Arch --+-------------------------------------+-------------------+-----------------------------+------------------------------+------- v | SLE-Module-Basesystem15-SP1-Updates | command-not-found | 0.2.1+20181004.20a0aae-4.28 | 0.2.2+20190613.e6c2668-6.3.2 | noarch v | SLE-Module-Basesystem15-SP1-Updates | rsyslog | 8.33.1-3.17.1 | 8.33.1-3.22.4 | x86_64 v | SLE-Module-Basesystem15-SP1-Updates | scout | 0.2.1+20181004.20a0aae-4.28 | 0.2.2+20190613.e6c2668-6.3.2 | noarch v | SLE-Module-Basesystem15-SP1-Updates | yast2-dns-server | 4.1.2-7.83 | 4.1.4-9.3.2 | noarch |
Finally, apply those updates, run:
sudo zypper update
Sample outputs:
The following 4 packages are going to be upgraded: command-not-found rsyslog scout yast2-dns-server 4 packages to upgrade. Overall download size: 848.7 KiB. Already cached: 0 B. After the operation, additional 19.7 KiB will be used. Continue? [y/n/v/...? shows all options] (y): y Retrieving package rsyslog-8.33.1-3.22.4.x86_64 (1/4), 625.5 KiB ( 2.2 MiB unpacked) Retrieving: rsyslog-8.33.1-3.22.4.x86_64.rpm ...........................................................................................[done] Retrieving package scout-0.2.2+20190613.e6c2668-6.3.2.noarch (2/4), 85.5 KiB (248.7 KiB unpacked) Retrieving: scout-0.2.2+20190613.e6c2668-6.3.2.noarch.rpm ..............................................................................[done] Retrieving package yast2-dns-server-4.1.4-9.3.2.noarch (3/4), 92.0 KiB (433.9 KiB unpacked) Retrieving: yast2-dns-server-4.1.4-9.3.2.noarch.rpm ....................................................................................[done] Retrieving package command-not-found-0.2.2+20190613.e6c2668-6.3.2.noarch (4/4), 45.7 KiB (116.0 KiB unpacked) Retrieving: command-not-found-0.2.2+20190613.e6c2668-6.3.2.noarch.rpm ..................................................................[done] Checking for file conflicts: ...........................................................................................................[done] (1/4) Installing: rsyslog-8.33.1-3.22.4.x86_64 .........................................................................................[done] Additional rpm output: Updating /etc/sysconfig/syslog ... (2/4) Installing: scout-0.2.2+20190613.e6c2668-6.3.2.noarch ............................................................................[done] (3/4) Installing: yast2-dns-server-4.1.4-9.3.2.noarch ..................................................................................[done] (4/4) Installing: command-not-found-0.2.2+20190613.e6c2668-6.3.2.noarch ................................................................[done] |
See zypper man page here.
Conclusion
This page described the process of keeping your Linux based system up-to-date, which involves installing updates and security patches.
UP NEXT
LXD list all images for Linux distro using lxc command
How to check and list installed packages in CentOS Linux
How to install/update Intel microcode firmware on Linux
How To Enable and Install EPEL Repo on CentOS 8
SUSE 15 update installed packages for security
How To Patch and Protect Linux Server Against the Glibc GHOST Vulnerability # CVE-2015-0235
CentOS 8 update installed packages for security
Have a question or comment? Post it on the forum thread.