About security updates :

#1 Post by Fossy »

in response to :
1/ the recent release of 11.1
2/ Debian Security Advisory DSA-4988-1
Package: libreoffice
CVE ID: CVE-2021-25633 CVE-2021-25634

if I add that I systematically get all the reported updates I receive through the software program and regularly perform a " sudo apt update && sudo apt upgrade " .

Moreover do not use any software that is not included by default in the Debian offering ( we limit ourselves to evolution / libreoffice / gimp ) .

relevant ? Mozilla Firefox as web browser and DuckDuckGo as search engine .

I have the following questions:
1/ do I have to get the dot release every time to be on the safe side?
2/ Concerning LibreOffice: I followed the warning by doing a "sudo apt dist-upgrade" WITHOUT having specified a package ... and it went smoothly ...
Only LibreOffice was involved ... question: may I assume that this apt command has processed all the applications that I use?

Thank you .

Translated with www.DeepL.com/Translator (free version)
ASUS GL753VD / X550LD / K54HR / X751LAB ( x2 )
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software

https://cdimage.debian.org/debian-cd/cu ... so-hybrid/

#2 Post by FreewheelinFrank »

You should have the security repository enabled to get security fixes as soon as they are released. This will be before the point release.

Code:

deb https://security.debian.org/debian-security bullseye-security main

https://wiki.debian.org/NewInBullseye

apt dist-upgrade updates all packages, yes. Was there a specific warning to use apt dist-upgrade? apt upgrade should be enough, unless there are packages to be removed.

To really be on the safe side, you can mitigate security vulnerabilities before a fix is issued: in this case if you rely on digital signatures, don't trust them until the fix is issued, and contact the person who has purportedly sent you the document to confirm that they really did.
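
The check described in the reply above (is the security repository actually enabled?) can be scripted across all source lists. This is an added example, not part of any post in this thread; the function names and the sample input are constructed, and it assumes one-line-style `.list` files rather than deb822 `.sources` files.

```sh
#!/bin/sh
# Added example (not from the thread): audit one-line-style apt sources for the
# Debian security suite. deb822 ".sources" files are not handled.

# active_suites [FILE...]: print "URI SUITE" for each active binary ("deb") entry.
# Comments and deb-src lines are ignored; an optional [options] field is skipped.
active_suites() {
    sed -e 's/#.*//' "$@" | awk '
        $1 == "deb" {
            i = 2
            if ($i ~ /^\[/) {                 # e.g. [arch=amd64 signed-by=...]
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            if (i + 1 <= NF) print $i, $(i + 1)
        }'
}

# security_status CODENAME [FILE...]: print
#   ok           an active deb line uses CODENAME-security
#   legacy-name  only the pre-bullseye form CODENAME/updates is present
#   missing      no active security suite at all
security_status() {
    codename=$1; shift
    active_suites "$@" | awk -v c="$codename" '
        $2 == c "-security" { ok = 1 }
        $2 == c "/updates"  { legacy = 1 }
        END { print (ok ? "ok" : (legacy ? "legacy-name" : "missing")) }'
}

# Constructed sample: the security line is commented out and only deb-src remains.
sample_sources() {
    cat <<'EOF'
deb http://deb.debian.org/debian bullseye main
deb http://deb.debian.org/debian bullseye-updates main
# deb http://security.debian.org/debian-security bullseye-security main
deb-src http://security.debian.org/debian-security bullseye-security main
EOF
}

echo "sample: $(sample_sources | security_status bullseye)"
# On a real system (paths are the standard apt locations):
#   security_status bullseye /etc/apt/sources.list /etc/apt/sources.list.d/*.list
```

A `deb-src` line alone does not deliver binary security updates, which is why the constructed sample reports `missing`.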

#3 Post by Fossy »

FreewheelinFrank wrote: 2021-10-17 19:57
You should have the security repository enabled to get security fixes as soon as they are released. This will be before the point release.

Code:

deb https://security.debian.org/debian-security bullseye-security main

https://wiki.debian.org/NewInBullseye

apt dist-upgrade updates all packages, yes. Was there a specific warning to use apt dist-upgrade? apt upgrade should be enough, unless there are packages to be removed.

To really be on the safe side, you can mitigate security vulnerabilities before a fix is issued: in this case if you rely on digital signatures, don't trust them until the fix is issued, and contact the person who has purportedly sent you the document to confirm that they really did.

1/ that’s ok :

Code:

  Active apt repos in: /etc/apt/sources.list 
  1: deb http://deb.debian.org/debian bullseye main
  2: deb-src http://deb.debian.org/debian bullseye main
  3: deb http://deb.debian.org/debian bullseye-updates main
  4: deb-src http://deb.debian.org/debian bullseye-updates main
  5: deb http://security.debian.org/debian-security/ bullseye-security main
  6: deb-src http://security.debian.org/debian-security/ bullseye-security main
  Active apt repos in: /etc/apt/sources.list.d/eid.list 
  1: deb http://files.eid.belgium.be/debian bullseye main
  2: deb http://files2.eid.belgium.be/debian bullseye main

2/ no , can’t remember a specific warning

3/ if I understand correctly you are referring here to how I receive these security vulnerabilities notifications ?
I receive these via mail :
From: Moritz Muehlenhoff <jmm@debian.org>
Reply-to: debian-security-announce-request@lists.debian.org
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 4988-1] libreoffice security update
Date: Sat, 16 Oct 2021 19:23:57 +0000 (16-10-21 21:23:57)
Security: partially signed with GPG

thank you

Translated with www.DeepL.com/Translator (free version)

#4 Post by Fossy »

@ FreewheelinFrank :
After reading this I have to admit, to my great pleasure, that my topic asked a stupid and unnecessary question: https://www.debian.org/News/2021/20211009

“ Please note that the point release does not constitute a new version of Debian 11 but only updates some of the packages included. There is no need to throw away old "bullseye" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. “

don't want to hide behind a finger , but this was not the case with previous Linux Distros I used .

nevertheless thank you for your response that moreover sums up everything once more

#5 Post by Fossy »

FreewheelinFrank wrote: 2021-10-17 19:57 ...
apt dist-upgrade updates all packages, yes. Was there a specific warning to use apt dist-upgrade? apt upgrade should be enough, unless there are packages to be removed.
......
indeed " apt upgrade " did the job ... applied to our 5 other laptops running Debian 11 .
see no reason, at least for someone like me who colors within the lines if I may say so , to get future point releases of the 11 edition?