I have a server that is in production and not allowed outside world internet. Now on that server I’ve put opensuse13.2 and the security team came back with 100+ patches needed to be installed on the server. Below are a few examples.
And many more…
What is the best way to install all these patches at once? Does openSuse come up with a repository to install these at once? Or I have to manually install those one by one? If I need to install one by one, where can I find these patches? I googled quite a bit but not even a single patch I could find. If someone can please guide me, it’ll be really appreciated. I have a deadline to meet and don’t know where to start and have 100 of these patches to be installed.
Please let me know if I can provide any further info regarding these patches.
However, your tests might still show a problem, if the tests are based on the version number rather than on testing for the security flaw. It is common practice in many distros, to back-patch the security fix to the installed version. So the fixed version may still have a version number that the tester does not like.
Thanks for the info. But as I said, there is not internet connection to this server. Only intranet, so I cannot do yast online updates. Any other way to manually download these patches and sftp them to the server and then install them? Your help is appreciated.
If you run mission critical operations then you need to use the SUSE versions. But there again the version number may not jive with some version checkers because the way different OS’s number there updates.
Fixes are often back ported rather then moved to newer major version numbers. Though you can certainly install newer versions if you need to but then you are on your own on support.
It is better to know what fixes happen and why rather then to rely on some arbitrary blind criteria. But then Bureaucracies tend to like following some arbitrary rules made by high priced consultants that may or may not know what is what. No one ever got fired buying IBM