I need to provide auditors a list of patches installed during a specific period from SLES 15 SP2. I’ve tried two different commands which yield different counts of displayed patches:
# List all patches needed or not including CVE before 2024-04-01 listed as security and only APPLIED on 2023-12 or 2024 sorted by date
`zypper list-patches --all --cve --date 2024-04-01 --category security | grep applied | grep -E '2023-12-|2024-' | sort -k 15`
(line count is 394)
------------------------------------
cve | CVE-2020-7753 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2021-3807 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2021-3918 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2021-43138 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2022-0155 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2022-27664 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
.
.
.
cve | CVE-2023-6377 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4934 | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2023-6478 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4789 | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2023-6816 | SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121 | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2024-0229 | SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121 | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2024-21885 | SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121 | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2024-21886 | SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121 | security | important | --- | applied | 2024-01-24 | Security update ...
------------------------------------
# filter Zypp history for 2023-12 or 2024-01 and list only lines with 'applied' or 'removed'
`grep -E '2023-12-|2024-01' /var/log/zypp/history | grep -E 'applied|removed'`
(line count is 184)
------------------------------------
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2020-3199|1|noarch|Basesystem_...Updates|moderate|recommended|applied|not-needed|
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2021-73 |1|noarch|Basesystem_...Updates|low|recommended|applied|not-needed|
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2021-1946|1|noarch|Basesystem_...Updates|moderate|recommended|applied|not-needed|
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2021-3136|1|noarch|Basesystem_...Updates|moderate|recommended|applied|not-needed|
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2021-3581|1|noarch|Basesystem_...Updates|important|recommended|applied|not-needed|
.
.
.
2024-01-24 13:21:59|patch |SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4934 |1|noarch|SUSE_Linux_...Updates|important|security|needed|applied|
2024-01-24 13:21:59|patch |SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121 |1|noarch|SUSE_Linux_...Updates|important|security|needed|applied|
2024-01-24 13:29:55|patch |SUSE-SLE-Product-SLES_SAP-15-SP2-2024-43 |1|noarch|SUSE_Linux_...Updates|moderate|recommended|needed|applied|
# 2024-01-24 13:48:54 cluster-md-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
# 2024-01-24 13:49:40 gfs2-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
# 2024-01-24 13:49:57 ocfs2-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
# 2024-01-24 13:50:16 dlm-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
------------------------------------
While both commands seem to give a very good listing of patches, the counts between the two are VASTLY different.
Can someone tell me:
- Why the two commands are displaying such different results of installed patches?
- Which command gives me the most accurate listing of patches installed between 2023-12-01 and 2024-02-28?
Thanks for any help you can provide.
Shaun.
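
An added example, not part of the original post: a filter over `/var/log/zypp/history` that keeps one line per patch and only records whose state changed to `applied` inside a date window. This differs from `grep applied`, which also matches the `applied|not-needed` lines, and from the `--cve` listing, which prints one row per CVE so the same patch name repeats. It assumes that in `patch` records field 9 is the old state and field 10 the new state; the function names are hypothetical and the sample lines are copied from the post, with the repository alias left truncated as posted.

```shell
#!/bin/sh
# Added example: list patches that changed state TO "applied" in a date window.
# Assumption: zypp history "patch" records are laid out as
#   date|patch|name|version|arch|repo|severity|category|old state|new state|

# applied_patches FROM TO [CATEGORY]
# Reads history lines on stdin, prints "date|name|category" once per patch.
applied_patches() {
    awk -F'|' -v from="$1" -v to="$2" -v want="${3:-}" '
        # trim the padding zypp puts around some fields
        { for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i) }
        $2 != "patch"            { next }   # skip package records and "#" comment lines
        $10 != "applied"         { next }   # keep only transitions into "applied"
        want != "" && $8 != want { next }   # optional category filter
        { day = substr($1, 1, 10) }
        day < from || day > to   { next }   # ISO dates compare correctly as strings
        !seen[$3]++              { print day "|" $3 "|" $8 }
    ' | sort
}

# Sample input: lines copied from the post, not a full history file.
sample_history() {
cat <<'EOF'
2023-12-09 10:29:31|patch  |SUSE-SLE-Module-Basesystem-15-SP2-2020-3199|1|noarch|Basesystem_...Updates|moderate|recommended|applied|not-needed|
2023-12-09 10:29:31|patch  |SUSE-SLE-Module-Basesystem-15-SP2-2021-73  |1|noarch|Basesystem_...Updates|low|recommended|applied|not-needed|
2024-01-24 13:21:59|patch  |SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4934 |1|noarch|SUSE_Linux_...Updates|important|security|needed|applied|
2024-01-24 13:21:59|patch  |SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121  |1|noarch|SUSE_Linux_...Updates|important|security|needed|applied|
2024-01-24 13:29:55|patch  |SUSE-SLE-Product-SLES_SAP-15-SP2-2024-43   |1|noarch|SUSE_Linux_...Updates|moderate|recommended|needed|applied|
# 2024-01-24 13:49:40 gfs2-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
EOF
}

# All patches applied in the audit window, then the security-only count.
sample_history | applied_patches 2023-12-01 2024-02-28
sample_history | applied_patches 2023-12-01 2024-02-28 security | wc -l
```

On a real system, feed the function with `applied_patches 2023-12-01 2024-02-28 < /var/log/zypp/history` instead of the sample.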