CVE-2016-0728


#1

This seems to affect Jessie. Will it be patched automatically, or do we need to run updates?

https://www.debian.org/security/2016/dsa-3448


#2

The security update has been released, as per the link you made.

But to ensure that your personal machine(s) are updated you need to:

  • Apply the update.
  • Reboot your system - since this is a kernel security update you can install the fixed package, but you’ll still be running a vulnerable one until you restart.

If you’ve not already configured unattended-upgrades, or some similar system of automatically applying security updates, you will need to manually update your system.

If you’ve got the Debian Security lists configured for apt-get then the following, as root, will suffice:

    apt-get update
    apt-get upgrade

You’ll see from the output whether your kernel package(s) are updated.


#3

Thanks, coming back to this in light of another security alert.

I run apt-get update and get

Fetched 12.0 MB in 5s (2,184 kB/s)
Reading package lists... Done

I run apt-get upgrade and get

Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Do I assume that everything is up to date?

http://security.debian.org/ is in sources.list


#4

Essentially yes, you should be fine.

However if you want to double check, and you know which CVE you’re interested in, you can use the Debian security tracker, enter the CVE at the bottom, and it will show you the versions of the packages which were vulnerable, and the versions that were fixed.

e.g. for the above CVE, go to https://security-tracker.debian.org/tracker/CVE-2016-0728, and you’ll see the various kernel versions where it was fixed. You can then use dpkg -l | grep linux to show which versions you’ve got installed.
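
An added example, not part of the original posts: dpkg reports the installed kernel package, while the reboot point in #2 concerns the kernel that is actually running, so this sketch checks both against the fixed version shown on the tracker. It assumes a stock Debian kernel, which embeds its package version in `uname -v`; the function names are hypothetical, and the fixed version is passed as the first argument rather than hard-coded.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh kernel-check.sh <fixed-version>
# <fixed-version> is the "fixed" version copied from the security tracker page.

# Extract the package version that Debian kernels embed in `uname -v`,
# e.g. "#1 SMP Debian <version> (<date>)". Prints nothing if the string
# does not look like a Debian kernel build.
running_kernel_version() {
    printf '%s\n' "$1" | sed -n 's/.* Debian \([^ ]*\) .*/\1/p'
}

# Classify the system from three version strings:
#   $1 = version of the running kernel
#   $2 = version of the installed kernel package
#   $3 = fixed version from the tracker
kernel_status() {
    if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo unknown
    elif dpkg --compare-versions "$1" ge "$3"; then
        echo fixed              # the running kernel already has the fix
    elif dpkg --compare-versions "$2" ge "$3"; then
        echo reboot-needed      # fix installed, old kernel still running
    else
        echo upgrade-needed     # fixed package not installed yet
    fi
}

FIXED="${1:-}"
if [ -n "$FIXED" ] && command -v dpkg-query >/dev/null 2>&1; then
    running=$(running_kernel_version "$(uname -v)")
    # The image package for the booted kernel is named after `uname -r`.
    installed=$(dpkg-query -W -f='${Version}' "linux-image-$(uname -r)" 2>/dev/null || true)
    echo "running:   ${running:-unknown}"
    echo "installed: ${installed:-unknown}"
    echo "status:    $(kernel_status "$running" "$installed" "$FIXED")"
fi
```

A status of reboot-needed is the situation described in #2: apt-get upgrade reports nothing left to do, yet the old kernel stays in memory until the restart.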


#5

You can also use debsecan to check your system, and mail you updates of vulnerable packages.