A potential security vulnerability in Linux exists. Various Linux distros release security updates and patches to mitigate the potential vulnerability. This page shows you how to apply those security patches in Linux using the command line option to keep your server or desktop secure.
How to update security patches in Linux
- Open the terminal application
- For remote Linux server use ssh: ssh user@server-name
- RHEL/CentOS/Oracle Linux user run: sudo yum update
- Debian/Ubuntu Linux user run: sudo apt update && sudo apt upgrade
- OpenSUSE/SUSE Linux user run: sudo zypper up
Let us see all commands and examples in details.
Apply security patches in a CentOS/RHEL/Oracle Linux
Type the following yum command:
sudo yum check-update ## check for updates ##
sudo yum updateinfo ## list updates available for the RHEL/CentOS ##
Sample outputs:
Last metadata expiration check: 0:01:26 ago on Tuesday 12 November 2019 08:27:52 PM UTC. Updates Information Summary: available 2 Security notice(s) 2 Important Security notice(s) 71 Bugfix notice(s) 14 Enhancement notice(s) Security: kernel-core-4.18.0-147.el8.x86_64 is an installed security update Security: kernel-core-4.18.0-80.11.2.el8_0.x86_64 is the currently running version
Apply all those updates on RHEL 8/7 box:
sudo yum update
Since kernel security update was installed, reboot the Linux system:
sudo shutdown -r 0
A note about Fedora Linux users
Run dnf command:
sudo dnf update
Reboot the Linux box if new kernel or microcode update was installed:
sudo reboot
Debian/Ubuntu/Linux mint apply updates
Run the following apt command:
sudo apt update
List available security patches or updates:
sudo apt list --upgradable
ansible/bionic 2.9.0-1ppa~bionic all [upgradable from: 2.7.10-1ppa~bionic] apt/bionic-updates 1.6.12 amd64 [upgradable from: 1.6.10] apt-transport-https/bionic-updates 1.6.12 all [upgradable from: 1.6.10] apt-utils/bionic-updates 1.6.12 amd64 [upgradable from: 1.6.10] base-files/bionic-updates 10.1ubuntu2.7 amd64 [upgradable from: 10.1ubuntu2.4] bash/bionic-updates 4.4.18-2ubuntu1.2 amd64 [upgradable from: 4.4.18-2ubuntu1] bsdutils/bionic-updates 1:2.31.1-0.4ubuntu3.4 amd64 [upgradable from: 1:2.31.1-0.4ubuntu3.3] console-setup/bionic-updates 1.178ubuntu2.9 all [upgradable from: 1.178ubuntu2.8] console-setup-linux/bionic-updates 1.178ubuntu2.9 all [upgradable from: 1.178ubuntu2.8] debconf/bionic-updates 1.5.66ubuntu1 all [upgradable from: 1.5.66] debconf-i18n/bionic-updates 1.5.66ubuntu1 all [upgradable from: 1.5.66] dmsetup/bionic-updates 2:1.02.145-4.1ubuntu3.18.04.1 amd64 [upgradable from: 2:1.02.145-4.1ubuntu3]
Next, apple those security patches on a Debian/Ubuntu server:
sudo apt upgrade
Sample outputs:
Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages were automatically installed and are no longer required: ieee-data python-certifi python-chardet python-jmespath python-kerberos python-libcloud python-lockfile python-netaddr python-openssl python-requests python-selinux python-simplejson python-urllib3 python-xmltodict wget Use 'apt autoremove' to remove them. The following packages will be upgraded: ansible apt apt-transport-https apt-utils base-files bash bsdutils console-setup console-setup-linux debconf debconf-i18n dmsetup dpkg dpkg-dev fdisk grep initramfs-tools initramfs-tools-bin initramfs-tools-core iputils-ping keyboard-configuration language-pack-en libapt-inst2.0 libapt-pkg5.0 libblkid1 libdevmapper1.02.1 libdns-export1100 libdpkg-perl libfdisk1 libisc-export169 libldap-2.4-2 libldap-common libmount1 libnss-systemd libpam-systemd libprocps6 libsmartcols1 libsystemd0 libudev1 libuuid1 login mount netplan.io nplan passwd procps python-apt-common python-pip-whl python3-apt python3-distutils python3-lib2to3 python3-pip python3-software-properties software-properties-common systemd systemd-sysv ubuntu-minimal udev unattended-upgrades util-linux xkb-data 61 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 24.5 MB of archives. After this operation, 26.8 MB of additional disk space will be used. Do you want to continue? [Y/n]
Again reboot the system if Linux kernel was updated or patched for security issues:
sudo reboot
OpenSUSE or SUSE Enterprise Linux apply security patches and updates
Firsr, refresh all repos using the zypper command:
sudo zypper refresh
Sample outputs:
Repository 'SLE-Module-Basesystem15-SP1-Pool' is up to date. Repository 'SLE-Module-Basesystem15-SP1-Updates' is up to date. Repository 'SLE-Module-Containers15-SP1-Pool' is up to date. Repository 'SLE-Module-Containers15-SP1-Updates' is up to date. Repository 'SLE-Module-Desktop-Applications15-SP1-Pool' is up to date. Repository 'SLE-Module-Desktop-Applications15-SP1-Updates' is up to date. Repository 'SLE-Module-DevTools15-SP1-Pool' is up to date. Repository 'SLE-Module-DevTools15-SP1-Updates' is up to date. Repository 'SLE-Module-Legacy15-SP1-Pool' is up to date. Repository 'SLE-Module-Legacy15-SP1-Updates' is up to date. Repository 'SLE-Module-Public-Cloud15-SP1-Pool' is up to date. Repository 'SLE-Module-Public-Cloud15-SP1-Updates' is up to date. Repository 'SLE-Module-Python2-15-SP1-Pool' is up to date. Repository 'SLE-Module-Python2-15-SP1-Updates' is up to date. Repository 'SLE-Module-CAP-Tools15-SP1-Pool' is up to date. Repository 'SLE-Module-CAP-Tools15-SP1-Updates' is up to date. Repository 'SLE-Product-SLES15-SP1-Pool' is up to date. Repository 'SLE-Product-SLES15-SP1-Updates' is up to date. Repository 'SLE-Module-Server-Applications15-SP1-Pool' is up to date. Repository 'SLE-Module-Server-Applications15-SP1-Updates' is up to date. Repository 'SLE-Module-Web-Scripting15-SP1-Pool' is up to date. Repository 'SLE-Module-Web-Scripting15-SP1-Updates' is up to date. All repositories have been refreshed.
Next, show a list of all available updates and patches on OpenSUSE or SUSE Enterprise Linux server:
zypper list-updates
Sample outputs:
Loading repository data... Reading installed packages... S | Repository | Name | Current Version | Available Version | Arch --+-------------------------------------+-------------------+-----------------------------+------------------------------+------- v | SLE-Module-Basesystem15-SP1-Updates | command-not-found | 0.2.1+20181004.20a0aae-4.28 | 0.2.2+20190613.e6c2668-6.3.2 | noarch v | SLE-Module-Basesystem15-SP1-Updates | rsyslog | 8.33.1-3.17.1 | 8.33.1-3.22.4 | x86_64 v | SLE-Module-Basesystem15-SP1-Updates | scout | 0.2.1+20181004.20a0aae-4.28 | 0.2.2+20190613.e6c2668-6.3.2 | noarch v | SLE-Module-Basesystem15-SP1-Updates | yast2-dns-server | 4.1.2-7.83 | 4.1.4-9.3.2 | noarch
Finally, apply those updates, run:
sudo zypper update
Sample outputs:
The following 4 packages are going to be upgraded: command-not-found rsyslog scout yast2-dns-server 4 packages to upgrade. Overall download size: 848.7 KiB. Already cached: 0 B. After the operation, additional 19.7 KiB will be used. Continue? [y/n/v/...? shows all options] (y): y Retrieving package rsyslog-8.33.1-3.22.4.x86_64 (1/4), 625.5 KiB ( 2.2 MiB unpacked) Retrieving: rsyslog-8.33.1-3.22.4.x86_64.rpm ...........................................................................................[done] Retrieving package scout-0.2.2+20190613.e6c2668-6.3.2.noarch (2/4), 85.5 KiB (248.7 KiB unpacked) Retrieving: scout-0.2.2+20190613.e6c2668-6.3.2.noarch.rpm ..............................................................................[done] Retrieving package yast2-dns-server-4.1.4-9.3.2.noarch (3/4), 92.0 KiB (433.9 KiB unpacked) Retrieving: yast2-dns-server-4.1.4-9.3.2.noarch.rpm ....................................................................................[done] Retrieving package command-not-found-0.2.2+20190613.e6c2668-6.3.2.noarch (4/4), 45.7 KiB (116.0 KiB unpacked) Retrieving: command-not-found-0.2.2+20190613.e6c2668-6.3.2.noarch.rpm ..................................................................[done] Checking for file conflicts: ...........................................................................................................[done] (1/4) Installing: rsyslog-8.33.1-3.22.4.x86_64 .........................................................................................[done] Additional rpm output: Updating /etc/sysconfig/syslog ... (2/4) Installing: scout-0.2.2+20190613.e6c2668-6.3.2.noarch ............................................................................[done] (3/4) Installing: yast2-dns-server-4.1.4-9.3.2.noarch ..................................................................................[done] (4/4) Installing: command-not-found-0.2.2+20190613.e6c2668-6.3.2.noarch ................................................................[done]
See zypper man page here.
Conclusion
This page described the process of keeping your Linux based system up-to-date, which involves installing updates and security patches.
🐧 Please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 1 comment... add one ↓
Related Tutorials
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Comments on this entry are closed.
Have a question or comment? Post it on the forum thread.