Re: Updates vs. patches

From: Nils Petter Vaskinn (no@spam.for.me.invalid)
Date: 02/17/03

• Next message: those who know me have no need of my name: "Re: cannot login as root directly"
• Previous message: Chris Overman: "Re: cannot login as root directly"
• In reply to:(deleted message) bill: "Updates vs. patches"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Nils Petter Vaskinn <no@spam.for.me.invalid>
Date: Mon, 17 Feb 2003 14:00:14 GMT

On Mon, 17 Feb 2003 14:39:02 +0100, bill wrote:

> I'm new to Unix/Linux/Debian administration. I've inherited a laptop
> running Debian, and I'm trying to reduce my complete cluelessness as
> quickly as possible. Can someone explain to me why there are both
> security updates and patches? My understanding is that one applies
> security updates with something like apt, and one applies patches by
> first invoking the patch command and then rebuilding the kernel. Is
> this correct? Which is the best approach?
>
> Many thanks!
>
> bill

A secutity update is usually the complete compiled program (or selected
changed files) that you use to replace a previously installed binary.

A patch assumes you've compiled and installed a program from source code.
The patch file (or diff) contains the difference between two versions of
the source code (the original version and one where the security flaw is
fixed). You use this to change your copy of the source code (using patch
program) , compile and install again.

Updating binary packages is easier than patching source. diffs are (much)
smaller and are better if you have tuned and/or modified the source and
compiled for your specific system.

e.g For a compiled program that takes 2MB a fix of a tiny error yould
require a new 2MB transfer, the patch could be as small as 10 lines of
text.

NP

NP

---

• Next message: those who know me have no need of my name: "Re: cannot login as root directly"
• Previous message: Chris Overman: "Re: cannot login as root directly"
• In reply to:(deleted message) bill: "Updates vs. patches"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Linux jpg conversion ... compile the OS yourself? ... though it's not in the source code, ... Why should I trust code from a monopoly that fights ... No, there is no absolute security, there never is. ... (rec.photo.digital.slr-systems) Re: virus patch ... security would you let them in?" ... > open and install a patch attached to the e-mail. ... The source code indicated that it came ... (microsoft.public.security) Re: YANI: Put critical messages in a pop up window ... I did not see any instructions on how to apply the patch. ... compile or whatever I need to do to get the patch on my system. ... Nethack being pretty old code, everything is hardcoded into the executable and you cannot "mod" Nethack by simply editing a couple of text files. ... The patch is, indeed, C code as it is a piece of source code to be inserted at the right place in the Nethack code. ... (rec.games.roguelike.nethack) Howto patch and complie nethack on win ce? ... I've seen some nethack patch pages like ... How do I compile the source code? ... (rec.games.roguelike.nethack) VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 ... Patch URL: http://www.vmware.com/download/esx/esx-253-200610-patch.html ... Updated package addresses several security issues. ... Common Vulnerabilities and Exposures project assigned ... VMware Security Response Policy ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2003-02