Debian bullseye11/7/2023 You do a minimal system upgrade, as described in Section 4.4.5, “Minimal system upgrade”, followed by a kernel upgrade and reboot,Īnd then upgrade the packages associated with yourĬritical services. If the system being upgraded provides critical services for your users or the Possibility of services being unavailable for a significant period of time. The system requests input during the upgrade there is a high Notice that if the upgrade process is left unattended and Packages being upgraded in the system, and it also includes the time the systemĪdministrator spends answering any configuration questions from package The precise downtime for these services will vary depending on the number of During this time, these services will not be If this is the case, please note that,ĭuring the upgrade, these services will be stopped while their associated packagesĪre being replaced and configured. There might be services that are offered by the system which are associated with packages The upgrade has a few preconditions you should check them before actually You may also want to inform users about this.Īny package installation operation must be run with superuser privileges, soĮither log in as root or use su or sudo to This backup may help to restore or recreate the old settings. As a precaution, you may want to makeĪ backup of the hidden files and directories ( “ dotfiles”) in users' homeĭirectories. Overwrite existing user settings with new defaults when a new version of theĪpplication is first started by a user. Of the Mozilla suite, and the GNOME and KDE desktop environments) are known to The upgrade process itself does not modify anything in the Will also want to back up /var/lib/aptitude/pkgstates. If you use aptitude to manage packages on your system, you $ dpkg -get-selections '*' # (the quotes are important) var/lib/apt/extended_states and the output of: The main things you'll want to back up are the contents of Hardware failure in the middle of an upgrade could result in a severely damaged The upgrade tools and process are quite reliable, but a Transitional dummy packagesĤ.1.1. Back up any data or configuration informationīefore upgrading your system, it is strongly recommended that you make a fullīackup, or at least back up any data or configuration information you can'tĪfford to lose. Upgrading your kernel and related packages 4.6.1. Full-upgrade fails with “ Could not perform immediate configuration” 4.5.2. Make sure you have sufficient space for the upgrade 4.4.4. Adding APT sources from optical media 4.4. Adding APT sources for a local mirror 4.3.3. The non-free and non-free-firmware components 4.2.9. Clean up leftover configuration files 4.2.8. Prepare a safe environment for the upgrade 4.2. Back up any data or configuration information 4.1.2. To mitigate the “Downfall” and “INCEPTION” flaws, the Debian Project recommends all Debian Bullseye and Bookworm users to update their kernel and intel-microcode packages to the new versions available in the repositories as soon as possible.Table of Contents 4.1. Then, the attacker could use this to control the speculative target of a subsequent kernel RET, which could lead to information disclosure via a speculative side-channel attacks. On top of that, the new Debian Bullseye and Bookworm kernel security updates address CVE-2023-20569, a security flaw known as “INCEPTION” or Speculative Return Stack Overflow (SRSO), another hardware vulnerability that affects all AMD Zen CPUs.ĭiscovered by Daniel Trujillo, Johannes Wikner, and Kaveh Razavi, this flaw could allow an attacker to mis-train the CPU BTB to predict non-architectural CALL instructions in the kernel space. The new intel-microcode security update also patches CVE-2022-41804, an unauthorized error injection in Intel SGX or Intel TDX for some Intel Xeon CPUs that may allow a local user to potentially escalate privileges, as well as CVE-2023-23908, a flaw that would lead to improper access control in some 3rd Gen Intel Xeon Scalable CPUs, which may result in an information leak.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |