In an era where cyberattacks are growing more sophisticated, outdated systems remain the easiest targets. Security patching plays a vital role in closing these vulnerabilities, protecting sensitive data, and ensuring system stability. From fixing bugs to preventing ransomware, timely patching is one of the simplest yet most powerful defenses an organization can implement.<\/p>\n
<\/p>\n
Patching refers to the act of applying updates to software, operating systems, or applications for the purpose of resolving bugs, enhancing functionality, or addressing security issues. These patches play a vital role in ensuring the stability<\/span>, performance and security of IT systems<\/a>.<\/span><\/p>\n There are different categories of patching, including:<\/span><\/p>\n The purpose of security patching is to fix vulnerabilities in a system or software that could potentially be exploited by hackers. This helps keep the system safe from threats such as malware, ransomware, and unauthorized access.<\/p>\n Security patching is a critical IT process because unpatched systems are often the main target of cyber attacks. By ensuring timely patching, we can:<\/p>\n [ Also Read: Cybersecurity Roadmap<\/a>]<\/strong><\/p>\n Before applying any patch, it is important to know which version of the package is currently <\/span>installed on the server. This can be done using the following command:<\/span><\/p>\n rpm -q package-name<\/strong><\/p>\n Explanation: <\/span><\/strong>The <\/span>rpm -q<\/span> command queries the RPM database for the installed version of the specified <\/span>package. This allows us to compare the installed version with the latest available version <\/span>in the repositories.<\/span><\/p>\n To determine if an update is available for the package, use:<\/span><\/p>\n yum list available package-name<\/span><\/strong><\/p>\n Explanation: <\/span><\/strong><\/p>\n This command lists the latest version of the package available in the configured YUM <\/span>repositories. If an update exists, it indicates that a patch may be applied by upgrading the <\/span>package.<\/span><\/p>\n Sometimes, packages might be available under different names or multiple versions might exist. <\/span>To verify this, use:<\/span><\/p>\n yum list –showduplicates package-name<\/span><\/strong><\/p>\n Explanation:<\/span><\/strong><\/p>\n This command lists all versions of the package available in the repository. This helps <\/span>ensure that no versions are missed and the correct package is upgraded.<\/span><\/p>\n Even if a newer version is not required, the specific CVE might already have been addressed in <\/span>the installed version. To check, run:<\/span><\/p>\n rpm -q –changelog package-name | grep CVE-ID<\/span><\/strong><\/p>\n Explanation:<\/span><\/strong><\/p>\n The <\/span>–changelog<\/span> option shows the package’s changelog entries. Searching for the specific <\/span>CVE allows us to determine whether the vulnerability has already been fixed in the <\/span>installed version.<\/span><\/p>\n For <\/span>Amazon Linux<\/a><\/span>, security updates are tracked using <\/span>ALAS (Amazon Linux AMI Security <\/span>Advisories)<\/span>. ALAS provides detailed information about vulnerabilities, affected package <\/span>versions, and recommended patches.<\/span><\/p>\n Once the necessary patch version is identified, upgrade the package using the appropriate package <\/span>manager:<\/span><\/p>\n yum update package-name -y<\/span><\/strong><\/p>\n Explanation:<\/span><\/strong><\/p>\nTypes of Patching<\/h2>\n
\n
What is Security Patching?<\/h2>\n
Why Security Patching is Important<\/h2>\n
\n
Step-by-Step Process of Security Patching<\/h2>\n
1.Check Installed Package Version<\/h4>\n
2.Check for Available Updates in Repository<\/h4>\n
3.Check for Duplicate or Alternate Package Names<\/h4>\n
4.Verify Patch Status Using Changelog<\/h4>\n
5.Use ALAS (Amazon Linux Advisory Service) for CVE Reference<\/h4>\n
\n
1.<\/span> Identify your OS version (Amazon Linux 2 or Amazon Linux 2023).<\/span>
2.<\/span> Search for the CVE ID in ALAS to find the recommended package version or <\/span>command to apply the patch.<\/span>
3.<\/span> Execute the suggested command to update the package, which ensures that the <\/span>specific CVE is addressed.<\/span><\/li>\n<\/ul>\n6.<\/span>Apply Package Upgrade<\/span><\/h4>\n
\n
provides the exact command to apply the security patch. For Amazon Linux <\/span>
2023, this command may use <\/span>dnf<\/span> instead of <\/span>yum.<\/span><\/li>\n<\/ul>\n