How to Apply Critical Security Patches Across Major Linux Distributions

Introduction

Keeping your Linux system secure requires timely application of security updates. This guide walks you through the process of installing the latest patches issued for AlmaLinux, Debian, Fedora, Red Hat, SUSE, and Ubuntu as of the most recent update cycle. By following these steps, you'll ensure your system is protected against known vulnerabilities in packages like buildah, firefox, gdk-pixbuf2, and many others.

What You Need

• Root or sudo access to each system you plan to update.
• Internet connectivity to download packages from official repositories.
• A terminal emulator (e.g., GNOME Terminal, Konsole, or SSH session).
• Basic familiarity with the command line – you'll be running package manager commands.
• Backup of important data (recommended before any major update).

Step-by-Step Update Process

Step 1: Verify Your Distribution and Version

Before applying updates, confirm which distribution and version you're running. Use the following commands:

• AlmaLinux / Red Hat / Fedora: cat /etc/redhat-release
• Debian / Ubuntu: lsb_release -a
• SUSE: cat /etc/os-release

This ensures you apply the correct patches for your system.

Step 2: Update AlmaLinux

AlmaLinux has released patches for multiple packages including buildah, firefox, grafana, and sudo. To install them:

1. Open a terminal with root privileges: sudo -i or su -
2. Refresh the package cache: dnf check-update
3. Update all packages: dnf update
4. Alternatively, update only the affected packages: dnf update buildah firefox gdk-pixbuf2 giflib grafana java-1.8.0-openjdk java-21-openjdk LibRaw OpenEXR PackageKit pcs python3.11 python3.12 python3.9 sudo tigervnc vim xorg-x11-server xorg-x11-server-Xwayland yggdrasil yggdrasil-worker-package-manager
5. Reboot if a kernel or core library was updated.

Step 3: Update Debian

Debian's updates cover calibre, firefox-esr, and openjdk-17. Follow these steps:

1. Become root: sudo -i
2. Update the package list: apt update
3. Upgrade all packages: apt upgrade
4. To upgrade only the specific packages: apt install --only-upgrade calibre firefox-esr openjdk-17-jre
5. Reboot if necessary (especially after OpenJDK updates).

Step 4: Update Fedora

Fedora has patches for asterisk, binaryen, dokuwiki, and many others. Use DNF:

1. Open a terminal with sudo privileges.
2. Check for updates: sudo dnf check-update
3. Apply all updates: sudo dnf upgrade
4. For selective updates, run: sudo dnf upgrade asterisk binaryen dokuwiki lemonldap-ng libexif libgcrypt miniupnpd openvpn podman python3.9 rust-rpm-sequoia skopeo xdg-dbus-proxy
5. Reboot if the kernel or systemd was updated.

Step 5: Update Red Hat Enterprise Linux

Red Hat's advisory includes buildah, gdk-pixbuf2, and nodejs:20:

1. Use su - to become root.
2. Check for applicable errata: yum check-update or dnf check-update
3. Install updates: yum update or dnf update
4. To update only the listed packages: yum update buildah gdk-pixbuf2 nodejs (note: nodejs:20 is a module stream; if you're using AppStream, run yum module update nodejs:20)
5. Reboot if needed.

Step 6: Update SUSE Linux Enterprise / openSUSE

SUSE's updates affect dnsdist, libheif, openCryptoki, polkit, sed, and xen:

1. Open a terminal with root access: sudo -i
2. Refresh repository metadata: zypper refresh
3. Update all packages: zypper update
4. For targeted updates: zypper install --from-repo dnsdist libheif openCryptoki polkit sed xen (adjust repo if needed)
5. Reboot after Xen hypervisor updates.

Step 7: Update Ubuntu

Ubuntu patches cover linux-bluefield, python-marshmallow, and roundcube:

1. Open a terminal and run: sudo apt update
2. Apply all upgrades: sudo apt upgrade
3. To update only the specific packages: sudo apt install --only-upgrade linux-image-bluefield python3-marshmallow roundcube
4. Reboot if a kernel update was applied.

Step 8: Verify Updates Were Applied

After installing updates, confirm the new versions are active:

• Check the installed version of a package: rpm -q (RPM-based) or dpkg -l (Debian-based).
• Review the list of recently installed updates: dnf history, apt list --upgradable (should be empty), or zypper history.
• Test critical services (e.g., Firefox, Apache, SSH) to ensure they start correctly.

Tips for a Smooth Update Process

• Schedule updates during maintenance windows – some updates (like kernel or X11) require a reboot and may temporarily disrupt services.
• Use a staging environment – test the patches on non-production systems first, especially for packages like grafana or dokuwiki that handle sensitive data.
• Monitor official advisories – subscribe to your distribution's security mailing list to stay informed about future updates.
• Keep configuration backups – before updating packages like pcs (Pacemaker) or openvpn, backup their config files.
• Don't ignore selective updates – even if you skip a full system upgrade, prioritize packages listed in security advisories.
• Check dependencies – for module streams (e.g., nodejs:20 on RHEL), ensure the correct module is enabled: yum module enable nodejs:20 before updating.