Has anyone ever gotten this update message before?
My software and firmware are all updated. When I hit remove, nothing happens. I’m a little confused and concerned on how this got onto my system and why I have a security update notification on my taskbar.
We don’t know what you actually did there.
If there was a BIOS update, then you need to reboot to reflash the BIOS.
I got this just from running yast and selecting online updates… what IS it? Nobody likes packages with unhelpful descriptions. If it is a security update that requires a reboot, what is being updated? If it’s just trying to force me to reboot, how do I stop this from showing up? Deciding when to reboot is the system administrator’s job.
@quixadhal Hi and welcome to the Forum 
Well one could argue that the System Administrator should also be following CVE’s (See recent xz backdoor threads) etc… Anyway for Tumbleweed instead of using YaST use zypper dup as there was a complete rebuild of packages, which requires a reboot…
Instead of saying “thank you” to maintainers who made an effort to deliver xz update even to the users who still use YOU on Tumbleweed?
Update your system to eliminate critical vulnerability. And reboot after you have done it.
No, it is not. Post
rpm -q xz
It’s fine if there’s an actual update but that description along with “Unknown Author” is a red flag to anyone who pays attention. To me, it looks like your mainstream package system got hijacked by someone.
A later reply that came in as I was typing said it was a critical update to the xz compression package… how would I know this from the screenshot I posted above? It doesn’t SAY that anywhere…
I should not this is a mostly clean install I did on a test machine a couple weeks ago, so there’s nothing abnormal about the installation. I was just using the normal SUSE package update system I used 20 years ago when I used to use this distro. Never heard of zypper, but I’ll take a look. Thank you.
You should not be using this program on Tumbleweed in the first place.
So, most likely affected by the malicious packages.
Then you as administrator seem to fail to upgrade/maintain your system properly. SUSE and openSUSE are different entities with different products. But both use the underlying zypper for package management.
There is enough documentation for Tumbleweed available which explains the upgrade mechanism, and that it needs to be done via zypper dup (as already mentioned above).
Literally, installed a basic set of packages from the installer… nothing manually added. Soooo, if it shouldn’t be used, why did the default installation include it?
It’s fine. I apologize for being a user and an annoyance. I won’t bother you guys again.
Because it is used on Leap and so far nobody adjusted default dependencies on Tumbleweed. This is worth bug report.
Not only does it get automatically installed now since Plasma 6 but it automatically pops up in the system tray.
Sorry, it was confusing. There are two screenshots here Discover and YaST Online Update. YOU works only with patches and Tumbleweed generally does not have patches, so YOU is pretty useless and normally will not do anything at all. Discover supports “normal” updates and can be used, but it also supports patches and will show them when present.
This is actually the first time patch was provided for Tumbleweed. Every now and then there are emergency updates that are directly uploaded to update repository without going through usual staging/openQA, but so far they were exactly that - normal updates (i.e. packages with different version). No patches were associated with them.
To clarify my comment, then, after the update containing Plasma 6.0.3 (my first update since Plasma 6 hit tumbleweed, installed with zypper dup), Discover, which I’d never used before, started popping up in my system tray with notifications about updates. I did not spend a lot of time looking at it, but it did seem to be offering updates that zypper dup did not. I don’t know about the reboot-really-needed; I didn’t notice that but did not spend much time looking at it before uninstalling discover-notifier to make it go away.
@arvidjaar are you saying that it is ok (at least not harmful / dangerous) to install updates with Discover, or am I overinterpreting “may be used”? Similarly is it ok (not harmful / dangerous) to use YOU on Tumbleweed, even if normally useless?
It is difficult to comment without specific example, but in general I would not expect Discover to offer anything that is not available in the configured repositories. It may present information differently though.
I said nothing about “harmful/dangerous”. If you insist on putting it this way - from where I stand I do not see what would make zypper less and Discover more harmful/dangerous. I readily admit it is just my lack of knowledge.
Why would you use something if it is useless? Again, I said nothing about “harmful/dangerous”, but I fail to see how a program that does nothing can be harmful or dangerous.
Discover shows more updates as zypper dup as Discover can update flatpaks (flathub) and firmware/BIOS (lvfs).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.