How to Safely Apply Critical Security Updates Across Major Linux Distributions

Keeping your Linux system secure requires timely application of security patches. This guide walks you through the process of updating key packages on several popular distributions, based on the latest security announcements. Whether you run AlmaLinux, Debian, Fedora, Mageia, Oracle Linux, Red Hat, Slackware, SUSE, or Ubuntu, the steps below will help you protect your system against vulnerabilities.

What You Need

• A Linux system running one of the distributions listed below (AlmaLinux, Debian, Fedora, Mageia, Oracle Linux, Red Hat Enterprise Linux, Slackware, SUSE Linux Enterprise/openSUSE, or Ubuntu)
• sudo or root access to install updates
• A stable internet connection to download packages
• Basic familiarity with the terminal and package managers
• For some updates (e.g., kernel), a system reboot may be required – plan accordingly

Step-by-Step Guide

Step 1: Identify Your Distribution and Corresponding Packages

Note the specific packages that have security updates for your distribution. Refer to the following list:

• AlmaLinux: kernel, kernel-rt, libcap, LibRaw, openssh, thunderbird, tigervnc
• Debian: libarchive, lxd
• Fedora: chromium, insight, nodejs20, rust-sequoia-git, uriparser
• Mageia: kernel, kmod-virtualbox
• Oracle Linux: kernel, libcap, thunderbird, uek-kernel
• Red Hat (RHEL): .NET 10.0, .NET 8.0, .NET 9.0, fence-agents, sudo, systemd
• Slackware: httpd
• SUSE (SLES / openSUSE): freerdp, hauler, helm, himmelblau, kernel, libspectre, thunderbird, trivy, xen
• Ubuntu: curl, exim4, sed

Step 2: Open a Terminal and Check for Available Updates

Use the appropriate command for your distribution to refresh the package database and see what security updates are pending.

• AlmaLinux, Oracle Linux, Red Hat, Fedora: sudo dnf check-update --security (or sudo yum check-update --security on older versions)
• Debian, Ubuntu: sudo apt update followed by apt list --upgradable 2>/dev/null | grep -i security
• Mageia: sudo urpmi.update -a and then sudo urpmq --list-updates
• Slackware: sudo slackpkg update gpg and sudo slackpkg update
• SUSE: sudo zypper refresh and sudo zypper list-patches --category security

Make note of any listed packages that match the ones from Step 1.

Step 3: Install the Security Updates

Apply updates using distribution-specific commands. It is often safe to install all available security updates at once, but you can also target specific packages if you prefer.

• AlmaLinux, Oracle Linux, Red Hat, Fedora: sudo dnf upgrade --security or sudo yum update --security
• Debian, Ubuntu: sudo apt upgrade (applies all updates) or sudo apt install --only-upgrade ... for individual packages
• Mageia: sudo urpmi --auto-select or sudo urpmi
• Slackware: sudo slackpkg upgrade-all (interactively)
  For a specific package like httpd: sudo slackpkg install httpd after syncing
• SUSE: sudo zypper patch --category security

During installation, you may be prompted to confirm changes. Review the list and accept when ready.

Step 4: Reboot the System if Necessary

If the updates include kernel packages (or other critical system components), a reboot is typically required for the changes to take effect. Use:

sudo reboot

After reboot, verify the new kernel version with uname -r and ensure it matches the updated package version.

Step 5: Verify Installation

Confirm the updates were applied correctly. Check the package version or look for confirmation messages.

• AlmaLinux/Oracle/Red Hat/Fedora: rpm -qa | grep or dnf list installed
• Debian/Ubuntu: dpkg -l | grep
• SUSE: zypper se --installed-only
• Slackware: slackpkg info
• Mageia: rpm -q

Also check system logs – e.g., journalctl -xe or /var/log/dnf.log – for any errors.

Tips for a Smooth Update Experience

• Test in a staging environment first whenever possible, especially for production servers or kernel updates.
• Back up critical data before applying major updates – a simple tar of important directories can save you trouble.
• Keep an eye on the official security advisories for your distribution – they often explain the severity and impact of each patch.
• Use a scheduled maintenance window for updates that require a reboot, to minimize downtime.
• If a package fails to install, check for dependency issues with commands like apt --fix-broken install (Debian/Ubuntu) or dnf distro-sync (RHEL-based).
• Monitor for post-update issues – if a service stops working, check its logs and consider rolling back the update using package manager history (e.g., dnf history undo).
• Stay informed about package-specific updates like .NET core versions and virtualization tools (e.g., VirtualBox kernel modules).