Results 1 to 9 of 9

Thread: openssl again -- zypper up or patch

  1. #1
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,273
    Blog Entries
    2

    Lightbulb openssl again -- zypper up or patch

    Was looking for the update, didn't see it but upon closer inspection my systems updated openSSL before I realized it was needed.

    Yes, Virginia...
    Although not as serious as Heartbleed another fairly serious openssl vulnerability was just patched (as well as a number of others)
    http://lists.opensuse.org/opensuse-s.../msg00008.html

    Inspecting my systems, it looks like updating or patching will install the necessary security fix
    Code:
    zypper up
    or
    Code:
    zypper patch
    The link above describes the openssl version you want to see if you run the following
    Version: 1.0.1h-11.48.1
    Code:
    zypper info openssl
    Congrats to our Developers who pushed a patch within hours

    TSU

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,130

    Default Re: openssl again -- zypper up or patch

    Well, as
    Code:
    zypper patch
    (or YaST > Softwarer > Online update) will install all that is on the Update repos (when you have the package of course and when there is a security or recommended update) and because that is all you get (and need) during the lifetime of an openSUSE version, it is logical to me that you get such an update. The more because it is anouinced on the News and Anouncements > Security anouncemenats on our forums https://forums.opensuse.org/forumdis...-Announcements

    And as
    Code:
    zypper update
    incorporates zypper patch, I am not amazed that it installs the same security update (when not already installed).

    But I fail to see the question you have.
    Henk van Velden

  3. #3
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,273
    Blog Entries
    2

    Default Re: openssl again -- zypper up or patch

    Not a question(note the light bulb icon), but something important enough people should know to do because of the unusual serious consequesnces if you don't.

    Since openSUSE normally updates or patches on bootup, this warning/advisory applies mainly to anyone who runs the machine 24/7. These people wouldn't automatically get the patch so need to do something manually.

    TSU

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,615
    Blog Entries
    3

    Default Re: openssl again -- zypper up or patch

    Quote Originally Posted by tsu2 View Post
    Since openSUSE normally updates or patches on bootup, ...
    Does it? I have never seen that happen.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  5. #5
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,743

    Default Re: openssl again -- zypper up or patch

    Apper runs at or soon after a new boot.

    But if you run Apper you will normally get notified of updates anyway.

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,615
    Blog Entries
    3

    Default Re: openssl again -- zypper up or patch

    Quote Originally Posted by gogalthorp View Post
    Apper runs at or soon after a new boot.
    Yes, but it does not update. It just notifies you that there are updates.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  7. #7
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,743

    Default Re: openssl again -- zypper up or patch

    True unless you have auto-update set on

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,130

    Default Re: openssl again -- zypper up or patch

    I guess that everybody that runs a system, 24/7 or not, has his policy for updates in place.
    Henk van Velden

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: openssl again -- zypper up or patch

    On 2014-06-07 22:46, tsu2 wrote:

    > Since openSUSE normally updates or patches on bootup, this
    > warning/advisory applies mainly to anyone who runs the machine 24/7.
    > These people wouldn't automatically get the patch so need to do
    > something manually.


    The same as those that get the update on boot, which is not really boot,
    but desktop session start, via apper. Apper runs periodically.

    But people running machines 24/7, like me, disable apper. We use other
    strategies, typically.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 13.1 x86_64 "Bottle" at Telcontar)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •