Expected Behaviour of "Install security updates"

5 posts / 0 new
Last post
#1 Fri, 06/06/2014 - 05:15

Expected Behaviour of "Install security updates"

System is VirtualMin/WebMin managing Ubuntu Server 12.04 64-bit. I have set "Software Package Updates / Scheduled checking options" to check daily, email me updates report and to "Install security updates".

So far over a period of weeks it has emailed me the update reports reliably, but cannot see that it has installed any security updates - including recent openSSL updates that are marked as "Security Updates".

I have just had to install these and previous updates manually via the WebMin interface, which worked without any problem.

Is this a bug, or am I misunderstanding what is actually expected behaviour?


Fri, 06/13/2014 - 04:11

Bump! Can anybody advise me what I should expect to see in terms of auto-installation of security updates with this set up?

Wed, 07/23/2014 - 18:46

I can add that I've always had that setting as well, but I always end up installing them all myself...they don't seem to install on their own, I just figured I must either not wait long enough or there is some other related setting?

Wed, 07/23/2014 - 23:20

If packages are classified as security updates or not is usually up to the packager. I don't know how the updates module does security/updates installation, but on CentOS boxes yum needs a plugin to enable installing only security updates. "yum-plugin-security" is the package.

On one of my CentOS 6 Virtualmin boxes, I have pending updates for openssl, httpd, etc. And they are not classified as security updates.

This mainly applies to CentOS, but may explain the behaviour you are seeing as well.

Thu, 07/24/2014 - 05:58

lp86, thanks for adding that. It may not solve the problem but gives us a better picture of what to expect from the VirtualMin environment.

The equivalent to "yum-plugin-security" in the Ubuntu would seem to be "unattended-upgrades", which I have successfully used to keep desktop systems updated. I wonder if that is similarly a pre-requisite for auto-updates to function?

Topic locked