Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [patch-management]

Patch Management refers to updating and patching systems, and particularly to tools and systems which automate this process for a large number of systems.

Patch Management refers to the important and never-ending task of installing software updates on systems, including the procedures involved with installing updates, defining update policies for an organization, and tools/systems to help with the patching process.

Patch Management may include patch selection methods (anything from manually reading the CVE list to automated vulnerability scans), patch deployment methods (manually installing patches, various software packages), and patch testing procedures (virtual environments, staged deployment, etc.)

Many tools (free and commercial) have evolved to help alleviate the workload. You may want to include a tag specific to the software you are using. Some examples include:

226 questions
0
votes
1 answer

Backporting packages should reverse dependencies be rebuilt

I'm using Ubuntu Jaunty on a few machines and am in the process of backporting / custom compiling a few deb packages to update PHP and OpenSSL. My question is though, should I also be recompiling all of the reverse depedencies for OpenSSL ?…
jonathanserafini
  • 1,768
  • 14
  • 20
0
votes
2 answers

run installer on all machines on domain

is it reasonable to automatically run an installer (for an activex control) as administrator on all machines in my domain, using an out-of-the-box windows (any version)?
Dustin Getz
  • 251
  • 2
  • 9
0
votes
5 answers

Efficiently installing fully-patched Windows XP, IE, and Office 2007 on an isolated PC

I have been tasked to install Windows XP, IE, and Office 2007 on a computer that will become part of a standalone network not connected to the Internet. What is a good way to install all of the security updates? I'm installing from CD's of Windows…
JPaget
  • 113
  • 1
  • 1
  • 5
0
votes
4 answers

how do you do linux patching in enterprise environment?

what are the most common tool that you used for linux patching in enterprise environment?
regmaster
  • 77
  • 1
  • 3
  • 9
0
votes
4 answers

What methods are available for updating a non-Internet-connected VMWare ESXi host?

I have a stand-alone installation of VMWare vSphere Essentials, with a vCenter Server and 3 ESXi 4.0 host servers. The environment is intended to remain as a stand-alone network, with the exception that I can "float" a workstation or server between…
romandas
  • 3,302
  • 8
  • 39
  • 44
0
votes
1 answer

Are there 3rd party tools or good custom queries for WSUS 3.0?

I'm working with a WSUS SP2 server, and I'm looking for ways to generate better reports. The built-in reporting system, is almost (but not quite) useless. My reading suggests that WSUS stores it's data in a SQL database, is anyone out there writing…
Bob
  • 2,569
  • 3
  • 26
  • 22
0
votes
0 answers

How to confirm whether the packages in local mirror are updated and in sync with official repo for ubuntu-20/22

I have created a local repo using apt-mirror for ubuntu20 and 22. When I run the command apt-mirror the command is successfully run. I see some files like packages.gz is showing the latest timestamp. How can I confirm that the apt-mirror is running…
Krish R
  • 1
0
votes
0 answers

Does Kerberos OOB Patch Change RC4-HMAC Settings on DC

I have a very specific question before we deploy the November 2022 OOB patch to resolve the Kerberos deal on our DCs. 1st - I ran a klist command on a Windows box and it returns about 16 server entries. Among them I notice the KerbTicket Type is…
DesignerMind
  • 101
  • 1
0
votes
0 answers

Can I use local repo for updating production machines for RHEL

If I create a local repo for RHEL patch updates, Can I use it for my production machines also. If I refer to the local repo for updates from the nodes, Then how would Redhat evaluate the license? Also, can I use the same repo for updating the RHEL…
Krish R
  • 1
0
votes
1 answer

How to install Data Protector RPM patch in Linux?

Well, HPE Data Protector has a long tradition of doing odd things. For example the way an rpm "patch" is installed is not via -U or -F, but differently, which brings me to my question: In the past every patch was accompanied by a corresponding .txt…
U. Windl
  • 366
  • 3
  • 17
0
votes
1 answer

Why MS Exchange Security Updates come in pair?

I need to install this security update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463 on Windows Server 2016. Why there are two items for Windows Server 2016? Should I install only Update 22 because it includes Update 21? If I…
abenci
  • 503
  • 1
  • 7
  • 17
0
votes
1 answer

Does packages security patches are backported to older version?

I see on cve.mitre.org that OpenLDAP (slapd) package have plenty of vulnerabilities prior to 2.4.57. If I want to install OpenLDAP from official repositories on my Debian 10, which version is slapd/oldstable,oldstable 2.4.47+dfsg-3+deb10u6 amd64. Do…
Stormrice
  • 63
  • 5
0
votes
1 answer

How to get patches for Java SE?

I have been struggling with this all day. Going on day 2. I created a support.oracle.com account and can login, however I am redirected a page asking for a Support Identifier. I do not have one, reading it says it would have sent with the…
James Connigan
  • 137
  • 2
  • 13
0
votes
1 answer

What is the best way to patch a server Win2012R2 that has not being patched for 2 years?

1-Native Windows Patch 2-Patch Management Software (Security Controls from Ivanti)? Any other general advice on a sequence, timeline to perform this long patch?
Alphonso Alves
  • 1
0
votes
2 answers

How to patch vmware-esxi via vcenter

Our company is using a single vmware-esxi host (vmware-esxi v6.5) which hasn't been patched since installation. The VMs are a windows server and a vcenter appliance. Using Update Manager I attached the baseline "critical host patches (predefined)"…
Arcocer Cerchio
  • 3
  • 2
1 2 3
15 16