I've been trying to teach myself Linux (Ubuntu 16.04 LTS - Xenial Xerus). I'm at the "for-idiots" level. Sadly, I'm not fluent in commands and terminology. I'm learning by fumbling and bumbling, and not really understanding what I'm doing. That, then, is the context for this request for help. Which is:
Is there some way to verify whether I've managed to download (to a Toshiba Satellite L840 - not the machine I'm presently using) the KRACK wpa2 vulnerability patches for Ubuntu 16.04? (Namely, those listed on "USN-3455-1: wpa_supplicant and hostapd vulnerabilities").
I had updated the L840 on 17th October using "sudo apt-get update" and "sudo apt-get dist-upgrade" and may have got the patches then (Sadly, I didn't really take notice of what was downloading then, as I only read the Vanhoef article after updating).
Today, I again updated the L840 using "sudo apt-get update" and "sudo apt-get dist-upgrade". Later, reading online, I came across "Upgrades: Desktop" (https://wiki.ubuntu.com/Security/Upgrades#Desktop). I rediscovered I had an Update Manager and used that to yet again update the machine (I got 50 MB more!). Nothing I saw in the details of either update today resembled the "KRACK" patches.
Today, after using the Update Manager, I again tried for updates using "sudo apt-get update" and "sudo apt-get upgrade" (not "dist-upgrade") but the terminal dialogue just seemed to indicate there was nothing to get and nothing had been got.
Running the command "sudo apt-get changelog wpasupplicant" (found at https://askubuntu.com/questions/965684/has-ubuntu-been-patched-against-the-krack-attack) showed (I think) that the patches are in their repositories and can be downloaded by the usual update commands. Trouble is, with "dist-upgrade", I've often seen a message at the end that some packages (they are always listed) were "automatically downloaded", are not needed and can be got rid of using a given command. I did that today (before using the Update Manager) and probably did on the 17th also.
I'd hate to think that, with my bumbling "method", I'd downloaded the patches only to remove them again!
So (sorry I'm long-winded) is there some way of searching a machine to verify what patches have beenb downloaded? Windows rather spoils you, since you can go to Update History and from there work out what you've got. How it's done in Ubuntu I don't know. Anyone able to help?
Edited by Itchy01, 23 October 2017 - 03:20 AM.