This seems to affect Jessie. Will it be patched automatically, or do we need to run updates?
The security update has been released, as per the link you made.
But to ensure that your personal machine(s) are updated you need to:
- Apply the update.
- Reboot your system - since this is a kernel security update you can install the fixed package, but you’ll still be running a vulnerable one until you restart.
If you’ve not already configured unattended-upgrades, or some similar system of automatically applying security updates, you will need to manually update your system.
If you’ve got the Debian Security lists configured for apt-get then the following, as root, will suffice:
apt-get update
apt-get upgrade
You’ll see from the output whether your kernel package(s) are updated.
Thanks, coming back to this in light of another security alert.
apt-get update and get
Fetched 12.0 MB in 5s (2,184 kB/s)
Reading package lists... Done
apt-get upgrade and get
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Do I assume that everything is up to date?
http://security.debian.org/ is in sources.list
Essentially yes, you should be fine.
However if you want to double check, and you know which CVE you’re interested in, you can use the Debian security tracker, enter the CVE at the bottom, and it will show you the versions of the packages which were vulnerable, and the versions that were fixed.
E.g. for the above CVE, go to https://security-tracker.debian.org/tracker/CVE-2016-0728 and you’ll see the various kernel versions where it was fixed. You can then use dpkg -l | grep linux to show which versions you’ve got installed.
You can also use debsecan to check your system, and mail you updates of vulnerable packages.
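The reboot point raised earlier in the thread can be checked directly: a clean apt-get upgrade only says the fixed package is on disk, not that it is the kernel currently running. The script below is an added example, not something posted by anyone in the thread. It assumes the Debian convention of embedding the package version in `uname -v`; the function names and sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the running Debian kernel the build installed on disk?
# Assumption: Debian kernels report their package version in `uname -v`,
# in the form "#1 SMP Debian <version> (<date>)".

# Print the package version embedded in a `uname -v` string (empty if none).
running_kernel_version() {
    printf '%s\n' "$1" | sed -n 's/^.* Debian \([^ ][^ ]*\).*$/\1/p'
}

# Compare the running version with the installed package version.
# Prints one of: current | reboot-needed | unknown
kernel_state() {
    running=$(running_kernel_version "$1")
    installed=$2
    if [ -z "$running" ] || [ -z "$installed" ]; then
        echo unknown          # not a Debian kernel string, or package missing
    elif [ "$running" = "$installed" ]; then
        echo current          # the booted kernel is the installed build
    else
        echo reboot-needed    # package upgraded, old kernel still in memory
    fi
}

# Constructed sample values (not taken from the tracker or from a real host).
SAMPLE_UNAME='#1 SMP Debian 3.16.99-1+deb8u1 (2016-01-01)'
SAMPLE_INSTALLED='3.16.99-1+deb8u2'
echo "sample: $(kernel_state "$SAMPLE_UNAME" "$SAMPLE_INSTALLED")"

# On a real Debian host:
#   kernel_state "$(uname -v)" \
#     "$(dpkg-query -W -f='${Version}' "linux-image-$(uname -r)")"
```

This covers upgrades that keep the same linux-image package name. When an update ships under a new package name, the old package stays installed at its old version, so also look at the dpkg -l | grep linux output for a newer linux-image package.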