TS does not often take part in updating or patching activities related to security vulnerabilities. This is mostly because when we have determined a product is mature, we cease development on the shipping image and lock it down. This prevents us from entering the very likely scenario that we might break our downstream's production environment with what otherwise might seem to be a minute change in Linux. Linux is a complex ecosystem and frequently even minor revision changes can cause catastrophic results where the downstream processes are unpredictable. Since we could potentially cost someone millions of dollars in down time, we have to approach such changes with extreme caution.
Given therefore that we more or less can not change anything about the software on a mature product, it's up to the downstream developer to maintain security patches and updates as they deem necessary. In Debian, these updates are typically found and installed using the apt repository's updating mechanism. The command line would look something like this:
apt-get update && apt-get upgrade
The kernel is somewhat more complex to patch but the patches are provided by kernel.org in most cases for the relevant kernels, and we provide instructions on how to compile the kernel in our product manuals, so the tools necessary to update are available if the need (or desire) arises.
Certainly moving forward with newer products, patches will be applied if they are made available in time, but we rely on the greater Linux community to merge that work into the mainline distribution and kernel repositories respectively. Once the product is released, Technologic Systems must be very careful about making any changes to the software image.
In the event such changes are deemed necessary, a Product Change System notice will be sent out to all subscribers. To subscribe to the PCS or check on previous PCS notices for your product of interest, please visit the TS PCS web site.