Downloading and installing patches without zypper repository

Hello, a quick one about applying system patches to SuSE SLES, e.g SLES 11 SP4.

Suppose we don’t have any local or remote zypper repository configured for the server concerned and would like to apply the patch glibc 12406 to fix the CVE-2015-7547 issue and others.

Does it mean we have to download the listed rpm files from download.suse.com and run rpm -ivh on them one by one manually to patch the server?

• glibc-2.11.3-17.95.2.nosrc.rpm
• glibc-2.11.3-17.95.2.src.rpm
• glibc-2.11.3-17.95.2.x86_64.rpm
• glibc-32bit-2.11.3-17.95.2.x86_64.rpm
• glibc-devel-2.11.3-17.95.2.x86_64.rpm
• glibc-devel-32bit-2.11.3-17.95.2.x86_64.rpm
• glibc-html-2.11.3-17.95.2.x86_64.rpm
• glibc-i18ndata-2.11.3-17.95.2.x86_64.rpm
• glibc-info-2.11.3-17.95.2.x86_64.rpm
• glibc-locale-2.11.3-17.95.2.x86_64.rpm
• glibc-locale-32bit-2.11.3-17.95.2.x86_64.rpm
• glibc-profile-2.11.3-17.95.2.x86_64.rpm
• glibc-profile-32bit-2.11.3-17.95.2.x86_64.rpm
• nscd-2.11.3-17.95.2.x86_64.rpm

Is there a quicker way to install the patch in one go?

Thanks
Sunny Suen

On 10/06/16 10:44, ssuen wrote:
[color=blue]

Hello, a quick one about applying system patches to SuSE SLES, e.g SLES
11 SP4.

Suppose we don’t have any local or remote zypper repository configured
for the server concerned and would like to apply the patch glibc 12406
to fix the CVE-2015-7547 issue and others.

Does it mean we have to download the listed rpm files from
download.suse.com and run rpm -ivh on them one by one manually to patch
the server?

• glibc-2.11.3-17.95.2.nosrc.rpm
• glibc-2.11.3-17.95.2.src.rpm
• glibc-2.11.3-17.95.2.x86_64.rpm
• glibc-32bit-2.11.3-17.95.2.x86_64.rpm
• glibc-devel-2.11.3-17.95.2.x86_64.rpm
• glibc-devel-32bit-2.11.3-17.95.2.x86_64.rpm
• glibc-html-2.11.3-17.95.2.x86_64.rpm
• glibc-i18ndata-2.11.3-17.95.2.x86_64.rpm
• glibc-info-2.11.3-17.95.2.x86_64.rpm
• glibc-locale-2.11.3-17.95.2.x86_64.rpm
• glibc-locale-32bit-2.11.3-17.95.2.x86_64.rpm
• glibc-profile-2.11.3-17.95.2.x86_64.rpm
• glibc-profile-32bit-2.11.3-17.95.2.x86_64.rpm
• nscd-2.11.3-17.95.2.x86_64.rpm

Is there a quicker way to install the patch in one go?[/color]

If your server doesn’t have access to any repositories then yes the only
way of patching your server is to download the relevant updated packages
from download.suse.com then install them by hand.

However you don’t need to “loop” through each individually but instead
could save all the packages to the same directory then within the
directory do “rpm -Uvh *.rpm” (use -U to upgrade rather than -i to install).

HTH.

Simon
SUSE Knowledge Partner

If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.

Thanks Simon.

However you don’t need to “loop” through each individually but instead
could save all the packages to the same directory then within the
directory do “rpm -Uvh *.rpm” (use -U to upgrade rather than -i to install).

Very helpful suggestion indeed.
Now the prospect doesn’t look that daunting to me any more.

One more question, Simon.

Using the glibc patch as an example, is the readme file expected to instruct us in what order to apply rpm -Uvh to the constituent rpm files?

My concern is that if we just invoke rpm -Uvh *.rpm, we might as well run into some dependency issues.

On 10/06/16 17:14, ssuen wrote:
[color=blue]

One more question, Simon.

Using the glibc patch as an example, is the readme file expected to
instruct us in what order to apply rpm -Uvh to the constituent rpm
files?

My concern is that if we just invoke rpm -Uvh *.rpm, we might as well
run into some dependency issues.[/color]

If you install/upgrade multiple packages by using the rpm command with a
wildcard rpm will take care of the order so dependencies will be met.

HTH.

Simon
SUSE Knowledge Partner

If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.