Overview
Security updates are the lifeblood of system integrity. Each week, distributions release patches to address vulnerabilities in critical software. This guide provides a step‑by‑step approach to applying the latest security updates from AlmaLinux, Debian, Fedora, Red Hat Enterprise Linux, SUSE, and Ubuntu. By the end, you’ll know exactly how to secure your systems against the threats listed in the original advisory.
Prerequisites
Before diving in, ensure you have:
- Root or sudo access – All package management commands require elevated privileges.
- An active internet connection – Packages are fetched from official repositories.
- Familiarity with the terminal – Basic command‑line navigation is assumed.
- Backups or snapshots – (Recommended) In case an update causes regressions.
Step‑by‑Step Instructions
Each distribution uses a different package manager and repository structure. Below you’ll find commands to update the exact packages mentioned in the original advisory. For clarity, we’ve grouped instructions by vendor.
AlmaLinux
AlmaLinux is a RHEL‑descendant that uses dnf. To update the listed packages, run:
sudo dnf update --advisory=$(date +%Y-%m-%d) # or use specific package namesFor individual packages (e.g., buildah, firefox, gdk-pixbuf2, etc.):
sudo dnf update buildah firefox gdk-pixbuf2 giflib grafana java-1.8.0-openjdk java-21-openjdk LibRaw OpenEXR PackageKit pcs python3.11 python3.12 python3.9 sudo tigervnc vim xorg-x11-server xorg-x11-server-Xwayland yggdrasil yggdrasil-worker-package-managerDebian
Debian uses apt. First refresh the package cache, then upgrade the three packages:
sudo apt update
sudo apt install --only-upgrade calibre firefox-esr openjdk-17To see the changelog for each:
apt changelog calibre firefox-esr openjdk-17Fedora
Fedora, like AlmaLinux, uses dnf. Update the entire list with one command:
sudo dnf update --refresh
# Or target specific packages:
sudo dnf update asterisk binaryen buildah dokuwiki lemonldap-ng libexif libgcrypt miniupnpd openvpn podman python3.9 rust-rpm-sequoia skopeo xdg-dbus-proxyAfter updating, verify the new versions:
rpm -q asterisk binaryen buildahRed Hat Enterprise Linux (RHEL)
RHEL subscribers can use dnf as well, though the package lists differ. Update the specific advisories:
sudo dnf update buildah gdk-pixbuf2 nodejs:20Note the use of the module syntax for Node.js (stream 20).
SUSE Linux Enterprise / openSUSE
SUSE distributions use zypper. To install the listed updates:
sudo zypper refresh
sudo zypper update dnsdist libheif openCryptoki polkit sed xenIf you prefer a more selective approach:
sudo zypper install --from-repo=updates dnsdist libheif openCryptoki polkit sed xenUbuntu
Ubuntu relies on apt. Refresh and then upgrade the three packages:
sudo apt update
sudo apt install --only-upgrade linux-bluefield python-marshmallow roundcubeNote that linux-bluefield is a kernel package; a reboot may be required.
Common Mistakes
- Forgetting to refresh repository metadata. Always run
apt updateordnf makecachebefore upgrading. - Updating too many packages at once. Group changes by vendor to isolate issues.
- Ignoring package conflicts. If
dnforaptreports dependency errors, resolve them manually rather than forcing the update. - Skipping post‑update steps. Some updates (kernels, graphics drivers) require a reboot. Always check after installation.
- Not reading release notes. Vulnerabilities sometimes require manual intervention beyond patching.
Summary
Applying security updates is a routine but critical task. This guide covered the exact steps for six major Linux distributions, from AlmaLinux to Ubuntu. Remember to always test updates in a staging environment when possible, and never postpone critical patches. Use the commands above to keep your systems hardened against the latest threats.