Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: kernel security update

  1. #1

    Default kernel security update

    There is info about kernel security update:
    http://lists.opensuse.org/opensuse-s.../msg00021.html

    But
    Code:
    zypper patch
    does nothing:

    Code:
    # LANG=C zypper ref && LANG=C zypper patch && LANG=C  zypper lu
    Repository 'Kernel:openSUSE-15.1' is up to date.                                                                                               
    Repository 'openSUSE:Leap:15.1:Update' is up to date.                                                                                          
    Repository 'libdvdcss repository' is up to date.                                                                                               
    Repository 'Packman Repository' is up to date.                                                                                                 
    Repository 'openSUSE-leap/15.1-Non-Oss' is up to date.                                                                                         
    Repository 'openSUSE-leap/15.1-Oss' is up to date.                                                                                             
    Repository 'openSUSE-15.1-Update' is up to date.                                                                                               
    All repositories have been refreshed.
    Loading repository data...
    Reading installed packages...
    Resolving package dependencies...
    
    Nothing to do.
    Loading repository data...
    Reading installed packages...
    S | Repository           | Name                 | Current Version              | Available Version            | Arch  
    --+----------------------+----------------------+------------------------------+------------------------------+-------
    v | Kernel:openSUSE-15.1 | kernel-default       | 4.12.14-lp151.98.1.ge97ba75  | 4.12.14-lp151.108.1.gf0f1262 | x86_64
    v | Kernel:openSUSE-15.1 | kernel-default-devel | 4.12.14-lp151.98.1.ge97ba75  | 4.12.14-lp151.108.1.gf0f1262 | x86_64
    v | Kernel:openSUSE-15.1 | kernel-devel         | 4.12.14-lp151.98.1.ge97ba75  | 4.12.14-lp151.108.1.gf0f1262 | noarch
    v | Kernel:openSUSE-15.1 | kernel-macros        | 4.12.14-lp151.102.1.g35fcd79 | 4.12.14-lp151.108.1.gf0f1262 | noarch
    v | Kernel:openSUSE-15.1 | kernel-syms          | 4.12.14-lp151.98.1.ge97ba75  | 4.12.14-lp151.108.1.gf0f1262 | x86_64
    Is zypper's "Nothing to do." message correct ?

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,936

    Default Re: kernel security update

    I just did YaST > Software > Online update (which does the same as zypper patch) and openSUSE-2020-336 is in the list.
    Henk van Velden

  3. #3
    Join Date
    Sep 2012
    Posts
    5,364

    Default Re: kernel security update

    Quote Originally Posted by MakeTopSite View Post
    Is zypper's "Nothing to do." message correct ?
    Yes. Your installed kernel does not come from Leap so Leap update does not apply here.

  4. #4
    Join Date
    Mar 2011
    Location
    Sauerland
    Posts
    4,212

    Default AW: kernel security update

    Try
    Code:
    zypper up
    instead of
    Code:
    zypper patch
    Your kernel belongs to:
    https://download.opensuse.org/reposi...andard/x86_64/

    So the question:
    Why using this Repository?

  5. #5
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,836

    Question Re: kernel security update

    @MakeTopSite:

    From where have obtained and installed the default Kernel package?

    On this (default) Leap 15.1 machine, with yesterday's security patch installed:
    Code:
     > zypper search --details --match-exact kernel-default
    S  | Name           | Typ        | Version               | Arch   | Repository                     
    ---+----------------+------------+-----------------------+--------+--------------------------------
    i+ | kernel-default | Paket      | 4.12.14-lp151.28.40.1 | x86_64 | Hauptaktualisierungs-Repository
    i+ | kernel-default | Paket      | 4.12.14-lp151.28.36.1 | x86_64 | Hauptaktualisierungs-Repository
    i+ | kernel-default | Paket      | 4.12.14-lp151.28.32.1 | x86_64 | Hauptaktualisierungs-Repository
    v  | kernel-default | Paket      | 4.12.14-lp151.28.25.1 | x86_64 | Hauptaktualisierungs-Repository
    v  | kernel-default | Paket      | 4.12.14-lp151.28.20.1 | x86_64 | Hauptaktualisierungs-Repository
    v  | kernel-default | Paket      | 4.12.14-lp151.28.16.1 | x86_64 | Hauptaktualisierungs-Repository
    v  | kernel-default | Paket      | 4.12.14-lp151.28.13.1 | x86_64 | Hauptaktualisierungs-Repository
    v  | kernel-default | Paket      | 4.12.14-lp151.28.10.1 | x86_64 | Hauptaktualisierungs-Repository
    v  | kernel-default | Paket      | 4.12.14-lp151.28.7.1  | x86_64 | Hauptaktualisierungs-Repository
    v  | kernel-default | Paket      | 4.12.14-lp151.28.4.1  | x86_64 | Hauptaktualisierungs-Repository
    v  | kernel-default | Paket      | 4.12.14-lp151.27.3    | x86_64 | Haupt-Repository
     >
    Your Kernel version is “4.12.14-lp151.98.1” – which is a bit weird …

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    13,322
    Blog Entries
    3

    Default Re: kernel security update

    Quote Originally Posted by dcurtisfra View Post
    Your Kernel version is “4.12.14-lp151.98.1” – which is a bit weird …
    It is probably from the repo listed in the post just above yours (in this thread).
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  7. #7
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,836

    Question Re: kernel security update

    Quote Originally Posted by nrickert View Post
    It is probably from the repo listed in the post just above yours (in this thread).
    Ahh, yes, and, as “Sauerland” asks – “Why use that (Kernel:) repository?” …
    I suspect that, one needs to be aware of this URL: <http://kernel.opensuse.org/packages/openSUSE-15.1>

    Daily builds are done in the Kernel:openSUSE-15.1 buildservice project. Here is the download repository. If you want to try latest packages from this branch, use the following commands:
    [CODE]
    zypper ar -f http://download.opensuse.org/repositories/Kernel:/openSUSE-15.1/standard \
    Kernel:openSUSE-15.1
    zypper in --from Kernel:openSUSE-15.1 kernel-desktop
    [/CODE]
    IOW, the “normal” “zypper patch/update” ain't gonna to work with this repository …

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,936

    Default Re: kernel security update

    Quote Originally Posted by dcurtisfra View Post
    Ahh, yes, and, as “Sauerland” asks – “Why use that (Kernel:) repository?” …
    I suspect that, one needs to be aware of this URL: <http://kernel.opensuse.org/packages/openSUSE-15.1>

    IOW, the “normal” “zypper patch/update” ain't gonna to work with this repository …
    IMHO zypper patch won't, but when subscribed to the repo and a newer version is published there, zypper up will.
    Henk van Velden

  9. #9
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,019
    Blog Entries
    2

    Default Re: kernel security update

    Bottom line is,
    Patching will only install available patches for the installed kernel (and everything else on that system). It's conceivable some kernels won't be patched for certain vulnerabilities.
    Updating will install the latest available and recommended version of everything no matter what repo the package might come from including the kernel. If you're using the standard "default" kernel from the OSS, it's highly likely that it's been patched regardless what version it is because openSUSE "backports" patches even to earlier kernels when they're in use.

    The above should apply to every available package in every configured repository on your system equally except when you configure otherwise, typically with a "--from" or possibly if a repository priority is modified (this latter I'm not sure the exact effect, only that it won't likely be default behavior). This is why for example we add the Packman repo with "--from" so that the system will always install a package from Packman if it's available and not from the OSS or non-OSS.

    Whether a package is more recent or not depends on the numerical part of the package's name, higher numbers are considered more recent.

    AFAIK,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  10. #10

    Default Re: AW: kernel security update

    Thank for all replies.

    Quote Originally Posted by Sauerland View Post
    Try
    Code:
    zypper up
    instead of
    Code:
    zypper patch
    Your kernel belongs to:
    https://download.opensuse.org/reposi...andard/x86_64/

    So the question:
    Why using this Repository?
    Yes,
    Code:
    zypper up
    is working.

    I'm sorry I don't rember exactly why this repo. Probably newer version of kernel was needed by some application.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •