Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: kernel security update

  1. #11

    Default Re: kernel security update

    Quote Originally Posted by tsu2 View Post
    Bottom line is,
    Patching will only install available patches for the installed kernel (and everything else on that system). It's conceivable some kernels won't be patched for certain vulnerabilities.
    Updating will install the latest available and recommended version of everything no matter what repo the package might come from including the kernel. If you're using the standard "default" kernel from the OSS, it's highly likely that it's been patched regardless what version it is because openSUSE "backports" patches even to earlier kernels when they're in use.

    The above should apply to every available package in every configured repository on your system equally except when you configure otherwise, typically with a "--from" or possibly if a repository priority is modified (this latter I'm not sure the exact effect, only that it won't likely be default behavior). This is why for example we add the Packman repo with "--from" so that the system will always install a package from Packman if it's available and not from the OSS or non-OSS.

    Whether a package is more recent or not depends on the numerical part of the package's name, higher numbers are considered more recent.

    Thank you.

    zypper up
    is needed when someone wants all security updates/patches ?

  2. #12
    Join Date
    Jun 2008

    Default Re: kernel security update

    Quote Originally Posted by MakeTopSite View Post
    zypper up
    is needed when someone wants all security updates/patches ?
    zypper up is needed when you want new versions of packages on repos you are subscribed to.
    There is no categorization if these for security or what else.

    zypper patch installs newer versions from the Update repos (bad name, should better have been Patch repos).
    There are only Update repos that belong to the two repos that contain the official openSUSE distro: OSS and non-OSS. And yes, these are categorized in Security, Recommeneded, etc.

    So to get newer versions from extra repos, you either use a general zypper up (which btw will involve also a zypper patch) or a zypper up from a specific repo.

    BTW, when you decide to add extra repos to your installation, you better make a note of the why and the what. You, as system manager, should not be surprised by the fact you have them.
    Henk van Velden

  3. #13
    Join Date
    Mar 2011

    Default AW: kernel security update

    I'm sorry I don't rember exactly why this repo. Probably newer version of kernel was needed by some application.
    I would not use this Repo, I would use the OSS- and Update-OSS Repo.

    If you have a Intel 3168 Wifi Card you can use it temporarily because:
    * Sa Mär 14 2020
    - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168
    devices (bsc#1166632).
    - commit 12b634d

  4. #14
    Join Date
    Feb 2010

    Exclamation Re: kernel security update


    Another thought on this issue:
    1. The Kernel:openSUSE-15.1 buildservice project has openQA but, only for the Kernel itself.
    2. The majority of the Leap 15.1 applications have openQA but, they're being tested against the default Leap 15.1 Kernel.

    Therefore, you need to be aware that, although the Kernel versions available from the Kernel:0penSUSE-15.1 buildservice project have been or, are undergoing, openQA testing, the applications in the default Leap 15.1 repositories have only been tested against the default Leap 15.1 Kernel.

  5. #15

    Default Re: kernel security update

    Thank to all. I've installed default Leap 15.1 Kernel, disabled Kernel:OpenSUSE-15.1 repository and removed it's kernel.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts