CVE-2014-0160 SuSE 12.2 patch?

interways · April 9, 2014, 10:15am

When will there be a patch for the heartbleed SSL bug for SuSE 12.2?
Any infos?

Thanks!

wolfi323 · April 9, 2014, 10:34am

Why are you posting the same question twice? (http://forums.opensuse.org/showthread.php/496950-CVE-2014-0160-SuSE-12-2-patch)

Here’s the same answer again:
Never, as 12.2 is out of support since January. See here though: http://forums.opensuse.org/showthrea...ssh-heartbleed

interways · April 9, 2014, 1:26pm

Once in English, once German. Easy…

And for major flaws, there should be updates, even after support phases end!>:(

wolfi323 · April 9, 2014, 1:34pm

???
Isn’t your question in english here as well? Or am I hallucinating?
Ok, then, why are you posting an english question in the german forum? That’s what the english forum is for.

And for major flaws, there should be updates, even after support phases end!>:(

No, that’s what “end of support” means.
If you want updates, you have to use a supported distribution.

If you want longer support than the usual 18 months, use Evergreen or the commercial SUSE Linux Enterprise.

And I already pointed you to the 12.3 packages built for 12.2 (so they do contain the fix).

interways · April 9, 2014, 2:56pm

Thanks. Your link did not work, but I found it by searching…

wolfi323 · April 9, 2014, 3:00pm

Oops, sorry. Something went wrong with copy/paste… :shame:
But the link is correct in your other thread.

For the record, here it is again: http://forums.opensuse.org/showthread.php/496947-opensuse-12-2-and-ssh-heartbleed

interways · April 9, 2014, 3:27pm

I zypper install -f openssl with the new repo, but the vulerability still exists afterwards.
Any ideas?

Thanks!!

malcolmlewis · April 9, 2014, 3:37pm

Hi
In a nutshell, upgrade to a supported release of openSUSE… don’t you also need to upgrade your certificate as well?

interways · April 9, 2014, 3:40pm

If it were that easy…
Hosted system with a provider, distro upgrade breaks system.

interways · April 9, 2014, 3:54pm

Found the solution!

For everyone interested:

zypper addrepo http://download.opensuse.org/reposit…3:Update.repo
zypper refresh
zypper install -f openssl
zypper install -f libopenssl1_0_0

Thanks malcolmlewis for NOT helping, but wisecracking… Would have been easier if you tried productive tips instead of boilerplate stuff.

malcolmlewis · April 9, 2014, 4:16pm

Thanks malcolmlewis for NOT helping, but wisecracking… Would have been easier if you tried productive tips instead of boilerplate stuff.

Hi
Excuse me! think about what has been said, for now you have found a fix, temporary at that, what about other vulnerabilities in 12.2 that may may not be fixed in the future. Also note that the home repo you have pointed to could be here today and gone tomorrow, such is the nature of the OBS.

Shouldn’t the hosting site provide a fix, or proper upgrade path?