2

I maintain a few webservers running ubuntu, apache, mysql, and python/django. I update all the libraries quarterly, but I'd like to update more often when a patch for a major vulnerability is released.

Is there any good service to sign up for email alerts?

Snitse
  • 271
  • 1
  • 7
  • 3
    Have you seen the answers to this? http://security.stackexchange.com/questions/829/how-to-keep-an-eye-on-upgrades-patches-and-security-issues-for-used-open-source?rq=1 – Rubber Duck Nov 12 '13 at 17:54

4 Answers

2

You could try signing up for the US-CERT Weekly Vulnerability Summary.

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

US-CERT also has some other alerts and options, including ATOM feeds. Take a look at https://www.us-cert.gov/ncas.

Gene Gotimer
  • 1,445
  • 11
  • 11
2

Purdue University's CASSANDRA tool "simplifies keeping up-to-date with vulnerabilities in the National Vulnerability Database (NVD, formerly ICAT) or Secunia databases. Instead of going to these sites every day and repeating your searches, Cassandra does the work for you (even twice a day for Secunia). It works by saving lists of products, vendors and keywords into 'profiles'. Whenever new information is available, Cassandra can notify you by email. You can create as many profiles as you want, for networks, typical installs, important hosts, or simply areas of interest to you. The important thing is that you should get emails only for things that are relevant to you, so you don't have to scan every message on various mailing lists."

The configuration interface is cumbersome, but it's free, and it works.

ruief
  • 883
  • 4
  • 11
1

Secunia also makes a glorious little package called Secunia PSI which alerts you when there are patches available for the software installed on your computer. PSI is for personal use, and is free. For non-windows devices, obviously subscribing to the relevant CERT list is a good idea. The problem I have with CERT lists is that they don't report on the less widely impacting bugs that can still be really problematic for end-users. e.g. they'll report on a bug in IE or flash, but not one in say Filezilla or uTorrent... at the end of the day, those end-user applications are still important to ensuring your system(s) are secure.

C.J. Steele
  • 415
  • 2
  • 5
0

Most countries have a 'CERT' (Computer Emergency Readiness Team) which provides both paid and free services to alert subscribers to vulnerability announcements. The general difference between the paid and free service is that paid subscribers may receive earlier notification or additional notifications via SMS etc. for particularly serious vulnerabilities. These bodies often provide other value-added services as well, such as summaries of significant malware, botnet etc. activity.

In addition to the CERT bodies, there are also various vulnerability database sites, such as the National Vulnerability Database from NIST https://nvd.nist.gov. Some vendors also provide similar databases such as Rapid7's database at https://www.rapid7.com/db. You may also find the open source vulnerability database useful given the systems you mentioned http://osvdb.org

Of course, if you're using a single distribution, such as Debian, Red Hat etc., you will find details of security updates on their web sites and should be subscribed to their security update repositories.

Tim X
  • 3,242
  • 13
  • 13
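The "profile" approach ruief describes for Cassandra (lists of products and keywords, so you only get mail about what you actually run) and the NVD data Tim X points to can be combined in a few dozen lines if you want to do the filtering yourself. The following is an added example and not code from the thread, from Cassandra, or from NIST. It assumes a simplified version of the NVD CVE API 2.0 JSON shape (`vulnerabilities[].cve` with `descriptions`, `metrics.cvssMetricV31` and `configurations[].nodes[].cpeMatch[].criteria`); the sample feed is constructed inline, its IDs are placeholders (the year `0000` is not a real CVE year) and its descriptions describe no real vulnerability. The profile matches the stack in the question: Apache httpd, MySQL, Django and Ubuntu.

```python
"""Profile-based filtering of NVD-style CVE records (added example)."""
import json
import re

# Constructed sample shaped like a simplified NVD CVE API 2.0 response
# (an assumption about the format; not real NVD output). Placeholder IDs,
# no real vulnerabilities described.
SAMPLE_FEED = json.dumps({
    "vulnerabilities": [
        {"cve": {
            "id": "CVE-0000-0001",
            "descriptions": [{"lang": "en", "value": "Placeholder issue in Apache HTTP Server."}],
            "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8}}]},
            "configurations": [{"nodes": [{"cpeMatch": [
                {"criteria": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*"}]}]}],
        }},
        {"cve": {
            "id": "CVE-0000-0002",
            "descriptions": [{"lang": "en", "value": "Placeholder low-severity issue in Django admin."}],
            "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 3.1}}]},
            "configurations": [{"nodes": [{"cpeMatch": [
                {"criteria": "cpe:2.3:a:djangoproject:django:4.2:*:*:*:*:*:*:*"}]}]}],
        }},
        {"cve": {
            "id": "CVE-0000-0003",
            "descriptions": [{"lang": "en", "value": "Placeholder issue in an unrelated desktop application."}],
            "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 8.8}}]},
            "configurations": [{"nodes": [{"cpeMatch": [
                {"criteria": "cpe:2.3:a:example:desktopapp:1.0:*:*:*:*:*:*:*"}]}]}],
        }},
        {"cve": {  # published but not yet analysed: no score, no CPEs
            "id": "CVE-0000-0004",
            "descriptions": [{"lang": "en", "value": "Placeholder issue in MySQL Server replication."}],
            "metrics": {},
            "configurations": [],
        }},
    ]
})

# The "profile": structured CPE product names first, free-text keywords as a fallback.
PROFILE = {
    "products": {"http_server", "mysql", "django", "ubuntu_linux"},
    "keywords": ["apache", "mysql", "django", "ubuntu"],
    "min_score": 7.0,
}


def cpe_product(criteria):
    """Return (vendor, product) from a CPE 2.3 string, or None if malformed."""
    parts = criteria.split(":")
    if len(parts) < 5 or parts[0] != "cpe" or parts[1] != "2.3":
        return None
    return parts[3].lower(), parts[4].lower()


def cve_cpes(cve):
    """Yield every CPE criteria string attached to a record."""
    for config in cve.get("configurations", []):
        for node in config.get("nodes", []):
            for match in node.get("cpeMatch", []):
                yield match["criteria"]


def cve_score(cve):
    """Best available CVSS base score, or None if NVD has not scored the record yet."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        entries = metrics.get(key)
        if entries:
            return float(entries[0]["cvssData"]["baseScore"])
    return None


def cve_description(cve):
    """English description text, or an empty string."""
    for desc in cve.get("descriptions", []):
        if desc.get("lang") == "en":
            return desc.get("value", "")
    return ""


def match_reason(cve, profile):
    """Why the record is relevant to the profile, or None. CPE match beats keyword match."""
    for criteria in cve_cpes(cve):
        parsed = cpe_product(criteria)
        if parsed and parsed[1] in profile["products"]:
            return "cpe:" + parsed[1]
    text = cve_description(cve).lower()
    for kw in profile["keywords"]:
        if re.search(r"\b" + re.escape(kw.lower()) + r"\b", text):
            return "keyword:" + kw
    return None


def filter_feed(feed_json, profile):
    """Records worth an email: relevant, and scored >= min_score or not scored at all.

    Unscored records are kept on purpose: NVD regularly publishes a CVE before
    analysis, so a score-only filter would drop exactly the newest entries.
    """
    hits = []
    for item in json.loads(feed_json)["vulnerabilities"]:
        cve = item["cve"]
        reason = match_reason(cve, profile)
        if reason is None:
            continue
        score = cve_score(cve)
        if score is not None and score < profile["min_score"]:
            continue
        hits.append({"id": cve["id"], "score": score, "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in filter_feed(SAMPLE_FEED, PROFILE):
        shown = "unscored" if hit["score"] is None else hit["score"]
        print(hit["id"], shown, hit["reason"])
```

On the sample above this keeps the Apache record (CPE match, score 9.8) and the unscored MySQL record (keyword match), and drops the low-scored Django record and the unrelated application. The keyword fallback is the part to tune: it is what catches entries before NVD assigns CPEs, but it is also where the noise comes in, so run it against a week of real feed data before pointing it at a mailbox.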