Skip to main content

Patching Linux - Pain or Gain?

Patching Linux

There are four basic reasons patching your Linux machines is important :

  • Security
  • Maintenance
  • Supportability
  • Error Fixing


Possibly the most important reason to update your OS is to maintain a secure environment for your machine’s applications. Applying security patches will update your machine and plug up security holes left by outdated software or poorly written applications. You really want to keep others from accessing your file system through some newly found vulnerability. If someone should get in, that person can possibly get important data, change security settings on the machine or even install some little piece of software you may not so easily catch. For example, software like rootkits can be installed and will use newly added processes, wresting some control from the unwary administrator. Even more, now that a machine is potentially “under the control” of someone else, it may become the unwilling participant in a bot attack involving other commandeered machines, coming from your network or across the Internet.

There are plenty of ways to keep your machines safe, but most importantly, keep up with the all the latest security alerts. Checking up on updated packages occasionally can save you from having to deal with the repercussions of having your data stolen or rebuilding your machine. Vendors and distributors like RedHat, SuSE and Ubuntu have special alert services and websites that get updated with the latest security news and information. You can also look up security based web sites like Secunia or the United States Computer Emergency Readiness Team (US-CERT) for more information on current vulnerabilities and how they’re affecting other computers in the wild.


Maintaining a solid working environment is the second reason for keeping your machine up to date. Having the latest/greatest software keeps you up with the times. As we all know, technology doesn’t slow down, and new software features are always popping up. For example, an application’s previous version may have needed an interface to a MySQL database, but with the advent of a new XML feature, the database requirement becomes non-existent. By updating your software, you can use the newer XML feature, and enjoy the benefits of updated technology.

Patching your Linux machine may also present another challenge…dealing with dependencies. If you patch your OS the wrong way, you may run into dependency conflicts that, if not resolved, could prevent you from updating your application. Let’s take an application like Gallery, a web based open-source photo album, as an example. You definitely wouldn’t be able to run Gallery with an older mySQL installation on your computer. Certain requirements would not be met and during the Gallery installation you would get messages coming back about first having to update other dependent packages. You would then have to update those dependencies as well for your Gallery installation to succeed. Theoretically, you could spend quite some time trying to find the appropriate packages, until you get it all straightened out.


If you are going run Linux in an enterprise environment where you have various levels of expertise on-staff, it is important to make sure that you have your OS at a supportable level. Sure, Linux may be a free operating system, but if your operations are the type that support life or manage your company’s finances, you need to have access to a high level of expertise—you’ll never know for sure if you’re going to need it, and while support is not cheap, it’s necessary.

To qualify for support from most vendors, if not all, you need to have a supportable version of the OS to call in for. Just ask yourself this…“In 2007, who supports RedHat Linux 6.0 ?” Running an older version of an OS can potentially be more expensive to support, as fewer people work with it. Thus, it’s to your benefit to upgrade that RedHat server to a newer version, if not the latest. The big Linux distributions will usually list their supported OS levels, and also give end-of-life information so you can know when you should upgrade those older machines and OSes.

Error Fixing

The last reason for why you want to install newer software packages is to replace software that is problematic. Memory leaks, for example, are problems caused by errors that may have been missed during development. Software performance can also be fixed or improved on a well maintained machine. Just keep in mind that though most of these updates are listed as “optional”, but they can also be listed in a “critical” category if their defects can lead to security holes or other vulnerabilities.