This is a MUST-know for server admins.
Debian provides debsecan, which analyzes the list of installed packages on the current host and reports vulnerabilities found on the system.
It runs locally and downloads vulnerability information over the Internet. It can send mail to interested parties when new vulnerabilities are discovered or when security updates become available.
Installing debsecan
# apt install debsecan
Installing:
debsecan
Using debsecan for linux-image (kernel)
# debsecan --suite trixie --only-fixed | grep -i linux-image
If the output is empty, you don't have to upgrade linux-image.
For example, if the output is:
CVE-2024-XXXXX linux-image-6.12.57+deb13-amd64 (high urgency)
CVE-2024-YYYYY linux-image-6.12.57+deb13-amd64 (medium urgency)
you MUST upgrade your linux-image and plan a system reboot for the kernel upgrade!
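Added example (not part of the original post): the grep above matches every installed linux-image package, so this script groups the matches per package and marks the one that is the running kernel. It assumes the running kernel's package is named linux-image-$(uname -r); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage debsecan output for kernel packages.
# Real use:  debsecan --suite trixie --only-fixed | kernel_triage "$(uname -r)"

# kernel_triage RELEASE
#   stdin : debsecan lines of the form "CVE-ID package (notes...)"
#   stdout: one summary line per linux-image package that has fixed CVEs
#   status: 1 if the running kernel's package is listed, 0 otherwise
kernel_triage() {
    # Assumption: the running kernel's package is linux-image-<uname -r>.
    awk -v running="linux-image-$1" '
        $2 ~ /^linux-image-/ {
            total[$2]++                       # CVEs per kernel package
            if ($0 ~ /high urgency/) high[$2]++
        }
        END {
            status = 0
            for (p in total) {
                tag = (p == running) ? "RUNNING" : "installed"
                printf "%s %s cves=%d high=%d\n", tag, p, total[p], high[p] + 0
                if (p == running) status = 1
            }
            exit status
        }'
}

# Constructed sample input (placeholder CVE ids, not real advisories).
sample_debsecan() {
    cat <<'EOF'
CVE-2024-XXXXX linux-image-6.12.57+deb13-amd64 (high urgency)
CVE-2024-YYYYY linux-image-6.12.57+deb13-amd64 (medium urgency)
CVE-2024-ZZZZZ linux-image-6.12.31-amd64 (medium urgency)
CVE-2024-WWWWW libvpx7 (medium urgency)
EOF
}

# Demo on the sample: pretend the host is running 6.12.57+deb13-amd64.
sample_debsecan | kernel_triage "6.12.57+deb13-amd64" \
    || echo "running kernel has fixed CVEs: upgrade linux-image and plan a reboot"
```

A non-zero exit status means the kernel you are currently booted into is in the list; packages tagged "installed" are other kernel versions still present on disk.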
To list vulnerable software:
# debsecan --suite trixie --only-fixed --format packages
libavcodec59
libavfilter8
libavformat59
libavutil57
libpoppler126
libpostproc56
libssh-gcrypt-4
libswresample4
libswscale6
libvpx7
linux-headers-6.12.31-amd64
linux-headers-6.12.31-common
linux-headers-6.12.57+deb13-amd64
linux-headers-6.12.57+deb13-common
linux-kbuild-6.12.31
linux-kbuild-6.12.57+deb13
Note: these packages don't pose a runtime security risk to your system, but they are "out of date". Consider upgrading them.