How to provide auditors a list of installed patches for a specific period.

I need to provide auditors a list of patches installed during a specific period from SLES 15 SP2. I’ve tried two different commands which yield different counts of displayed patches:

# List all patches needed or not including CVE before 2024-04-01 listed as security and only APPLIED on 2023-12 or 2024 sorted by date

`zypper list-patches --all --cve --date 2024-04-01 --category security | grep applied | grep -E '2023-12-|2024-' | sort -k 15`
(line count is 394)
------------------------------------
cve | CVE-2020-7753  | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2021-3807  | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2021-3918  | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2021-43138 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2022-0155  | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
cve | CVE-2022-27664 | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578 | security | important | --- | applied | 2023-12-09 | Security update ...
.
.
.
cve | CVE-2023-6377  | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4934 | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2023-6478  | SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4789 | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2023-6816  | SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121  | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2024-0229  | SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121  | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2024-21885 | SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121  | security | important | --- | applied | 2024-01-24 | Security update ...
cve | CVE-2024-21886 | SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121  | security | important | --- | applied | 2024-01-24 | Security update ...
------------------------------------

# Filter zypp history for 2023-12 or 2024-01 and list only lines with 'applied' or 'removed'
`grep -E '2023-12-|2024-01' /var/log/zypp/history | grep -E 'applied|removed'`
(line count is 184)
------------------------------------
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2020-3199|1|noarch|Basesystem_...Updates|moderate|recommended|applied|not-needed|
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2021-73  |1|noarch|Basesystem_...Updates|low|recommended|applied|not-needed|
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2021-1946|1|noarch|Basesystem_...Updates|moderate|recommended|applied|not-needed|
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2021-3136|1|noarch|Basesystem_...Updates|moderate|recommended|applied|not-needed|
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2021-3581|1|noarch|Basesystem_...Updates|important|recommended|applied|not-needed|
.
.
.
2024-01-24 13:21:59|patch |SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4934 |1|noarch|SUSE_Linux_...Updates|important|security|needed|applied|
2024-01-24 13:21:59|patch |SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121  |1|noarch|SUSE_Linux_...Updates|important|security|needed|applied|
2024-01-24 13:29:55|patch |SUSE-SLE-Product-SLES_SAP-15-SP2-2024-43   |1|noarch|SUSE_Linux_...Updates|moderate|recommended|needed|applied|
# 2024-01-24 13:48:54 cluster-md-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
# 2024-01-24 13:49:40 gfs2-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
# 2024-01-24 13:49:57 ocfs2-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
# 2024-01-24 13:50:16 dlm-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
------------------------------------

While both commands seem to give a very good listing of patches, the counts between the two are VASTLY different.

Can someone tell me:

  • Why are the two commands displaying such different results of installed patches?
  • Which command gives me the most accurate listing of patches installed between 2023-12-01 and 2024-02-28?

Thanks for any help you can provide.
Shaun.
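
An added example, not part of the original posts: one way to turn the history log shown above into an audit list with one row per patch that became `applied` inside a date window, so repeated rows (the `--cve` listing above prints one row per CVE for the same patch) and package comment lines do not inflate the count. The function names are hypothetical, and it assumes that in a zypp history `patch` record field 9 is the previous state and field 10 is the new state.

```shell
#!/bin/sh
# Added example. Assumption: in a zypp history "patch" record, field 9 is the
# previous patch state and field 10 is the new state.

# applied_patches FROM TO [FILE]
# Prints "date|patch|severity|category" once per patch that changed TO
# "applied" between FROM and TO (inclusive, YYYY-MM-DD). FILE "-" reads stdin.
applied_patches() {
    awk -F'|' -v from="$1" -v to="$2" '
        /^#/ { next }                      # package install/remove comments
        { gsub(/[ \t]/, "", $2); gsub(/[ \t]/, "", $3) }   # strip padding
        $2 != "patch" { next }
        {
            day = substr($1, 1, 10)
            if (day < from || day > to) next   # ISO dates compare as strings
            if ($10 != "applied") next         # skip e.g. applied -> not-needed
            if (!($3 in seen)) {               # one row per patch
                seen[$3] = 1
                print day "|" $3 "|" $7 "|" $8
            }
        }
    ' "${3:-/var/log/zypp/history}"
}

# Sample records copied from the excerpts in the post above.
sample_history() {
    cat <<'EOF'
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2020-3199|1|noarch|Basesystem_...Updates|moderate|recommended|applied|not-needed|
2023-12-09 10:29:31|patch |SUSE-SLE-Module-Basesystem-15-SP2-2021-3581|1|noarch|Basesystem_...Updates|important|recommended|applied|not-needed|
2024-01-24 13:21:59|patch |SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4934 |1|noarch|SUSE_Linux_...Updates|important|security|needed|applied|
2024-01-24 13:21:59|patch |SUSE-SLE-Product-SLES_SAP-15-SP2-2024-121  |1|noarch|SUSE_Linux_...Updates|important|security|needed|applied|
2024-01-24 13:29:55|patch |SUSE-SLE-Product-SLES_SAP-15-SP2-2024-43   |1|noarch|SUSE_Linux_...Updates|moderate|recommended|needed|applied|
# 2024-01-24 13:48:54 cluster-md-kmp-default-5.3.18-150200.24.151.1.x86_64 removed ok
EOF
}

# Demo on the sample; on a real host: applied_patches 2023-12-01 2024-02-28
sample_history | applied_patches 2023-12-01 2024-02-28 -
```

Append `| awk -F'|' '$4 == "security"'` to keep only security patches, and `| wc -l` for the count handed to the auditors.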

@OldSCOadmin Hi and welcome to the Forum :smile:
Unfortunately these Forums are for the Community distribution openSUSE, not SLE. You need to ask over at the SUSE and Rancher Forum at https://forums.rancher.com/ or the sle Rancher Users Slack channel.
