Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [patch-management]

Patch Management refers to updating and patching systems, and particularly to tools and systems which automate this process for a large number of systems.

Patch Management refers to the important and never-ending task of installing software updates on systems, including the procedures involved with installing updates, defining update policies for an organization, and tools/systems to help with the patching process.

Patch Management may include patch selection methods (anything from manually reading the CVE list to automated vulnerability scans), patch deployment methods (manually installing patches, various software packages), and patch testing procedures (virtual environments, staged deployment, etc.)

Many tools (free and commercial) have evolved to help alleviate the workload. You may want to include a tag specific to the software you are using. Some examples include:

226 questions
3
votes
4 answers

How do you know when to patch your Ubuntu box?

I have a VPS hosted somewhere running Ubuntu 10.04. How do I know when to patch the system? Is there a notification system analogous to, for example, Mac OS or Windows warning me (through email) to apply updates?
Mark
  • 33
  • 4
3
votes
4 answers

Solaris 11: Quick way to fetch and install patches after initial install

Is there a quick command that will fetch patches from the internet and install them?
700 Software
  • 2,233
  • 10
  • 49
  • 77
3
votes
3 answers

`cannot find "-lgcc_s"` from gcc-3.4 on Ubuntu 11.04

I'm trying to use gcc-3.4 on the latest Ubuntu. The package is from debian snapshots. It probably assumes different default directory structure, so for example I was forced to give it -I /usr/include/i386-linux-gnu/, which gcc-4 assumed…
Elazar Leibovich
  • 466
  • 1
  • 5
  • 7
3
votes
2 answers

What is the diference between GPOs, WSUS, SCCM and SCE in software and patch deployment?

If any one can explain to me the difference between sccm, wsus, gpo, sce "system center essential", in sw and patch deployment. Thanks
Eddy
  • 257
  • 3
  • 10
  • 22
3
votes
4 answers

Diff and patch for big binary files

As part of my job I regularly need to upload big files (a 512 MB to 1 GB ISO, for example). In some cases, very little changes from ISO to ISO (say, a 10 MB file in a 1 GB ISO). Unfortunately, I can't just send the changed file - I need to send the…
ggambetta
  • 229
  • 3
  • 7
2
votes
1 answer

How do I upgrade/patch Java for Weblogic server 12 on RHEL7?

I have a RHEL7 server with Oracle Java 8 and Weblogic 12 installed. Java 8 was installed using an rpm from RedHat. Weblogic was installed using the installation package and instructions from Oracle (there was no rpm available from Redhat). During…
Klas Lindbäck
  • 121
  • 3
2
votes
2 answers

Passing Remote Client IP to WSUS Server behind Reverse Proxy Server

We have an internet facing WSUS server for our remote windows clients (laptops, remote users, etc..). As an extra layer of protection, we have placed the WSUS server behind a Reverse Proxy server using ARR/URL Rewrite, which proxies the requests to…
tresstylez
  • 378
  • 1
  • 4
  • 17
2
votes
1 answer

Confused on BigFix relevance - x64 files

I am using BigFix in an Enterprise Environment and noticed a recent round of Microsoft patches for 2016 have failed on a small group of assets. I was able to work around this by creating Custom Copy Fixlets, using modified relevancy, however the…
Sawta
  • 345
  • 1
  • 4
  • 13
2
votes
0 answers

Speeding up years of Windows patch backlog

In a 200 Windows server estate there are years of missing patches. What is the quickest way to patch those? Is WSUS smart enough to batch-install maximum patches to minimise reboots? Servers are mostly "generic" so there is somewhat less of a…
Konrads
  • 870
  • 2
  • 20
  • 40
2
votes
1 answer

Hardened compiler flags VS automatic security patches?

I noticed that a few select pieces of software in the Long Term Support repository for my Operating System, have not been compiled with PIE, or Immediate binding (for example). In the opinion of those here on serverfault, would it be more…
RapidWebs
  • 571
  • 4
  • 13
2
votes
1 answer

How to get the released package's .dsc file the Debian way?

DSCURL="$(wget -qO- "https://packages.debian.org/${SUITE}/${PKG}" \ | grep -o 'http.*\.dsc">\[' | cut -d'"' -f1)" [ -z "$DSCURL" ] && die 2 "no .dsc" dget ${ALLOW_UNAUTH} -x "$DSCURL" 2> "$TEMP" I am looking for the Debain-way of getting a…
Szépe Viktor
  • 139
  • 3
2
votes
3 answers

Batch download of Microsoft patches

I have servers which require patches, and they cannot be directly connected to the Internet. I've run a tool offline on the servers to determine exactly which security patches I need, which returns me the…
Adams
  • 21
  • 1
2
votes
2 answers

RHEL 5 list missing critical patches/packages

Im trying to figure out if there is an easy way to identify the missing critical patches/packages on my RHEL5 boxes. This is for audit purposes and was trying to figure out if there was an RPM command or something of the sort that would accomplish…
Vinnie Biros
  • 21
  • 2
2
votes
8 answers

Patch Management

I am looking for an open source patch management system that I can install locally. I would like to be able to store and search patches then download them to machines without having to search various websites. Any recommendations?
hiney
2
votes
2 answers

.Net Framework 3.0 SP2 KB2756918 not installing

Ok, I'm about out of ideas here. Can anyone help me with this .Net Framework Patch? I am trying to install a KB patch (KB2756918) to a Windows Server 2003 R2 x86 box. Edit: Just to clarify specs: Windows Server 2003 R2 32 bit Machines are on an…
Ben-Jamin
  • 163
  • 1
  • 11
1 2 3
15 16