Comment 50 for bug 1674532

#Fixed LTS package versions: 2.23-0ubuntu7 (xenial) & 2.19-0ubuntu6.11 (trusty)

@jozznaz, jm7485 & co: You're not alone for me it was way more than 50 boxes where the PHP stuff couldn't resolve names anymore and needed my attention. Nasty and frustrating for sure ... and i was also swearing ;)

But for all the "haters": Keep in mind that automatic updates means you automated a change request that can fail by definition, that's why you should do them in a specific time frame so you're able to respond quickly in case of failure. If you don't know how to do that and you're going fully productive with your servers better find a real Linux admin who knows more then just "apt install unattended-upgrades" ;)

Otherwise a preintegrated solution to problems with libc updates is to blacklist them in /etc/apt/apt.conf.d/50unattended-upgrades:

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};

But be aware the security holes in there can effect a lot of stuff and will not get patched if you blacklist them. In general i run unattended-upgrades for many many years now and it was the second time i got nuked so it's still a good trade off if you consider the time you save for manually patching or that you have patched systems when you don't have the time.

Another paid solution would be to talk with Canonical about Landscape in what ways it can help here: https://landscape.canonical.com/