Patch Notification: Patch Finder vs Update Advisories

Hi,

I’m quite new here, so please bear with me. :slight_smile:

Which is the official channel for the patch announcements?

Patch Finder: https://download.suse.com/patch/finder/
Update Advisories: https://www.suse.com/support/update/

The Update Advisories seem to be more complete due to the additional information on Security Rating. This piece of information doesn’t seem to be available in Patch Finder. Is there a way to retrieve the rating from Patch Finder? Is it possible to request to include the rating in the notifications?

For the advisories, is there a way to subscribe to it? I can’t seem to find a way to do this. Any APIs that I can use? Am I missing something?

Thanks,
Karen

kkaren wrote:
[color=blue]

For the advisories, is there a way to subscribe to it? I can’t seem to
find a way to do this.[/color]

You can get email notification for patches here:
https://www.suse.com/email/notification/ctrl


Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.

Thanks Kevin. I have already subscribed to the patch notifications. What I’m trying to achieve is to subscribe to the advisories.

I was wondering if there are plans to include or map the severity rating and announcement ID for each security alert to the corresponding patch?

kkaren wrote:
[color=blue]

What I’m trying to achieve is to subscribe to the advisories.[/color]

I have inquired about that and currently there doesn’t appear to be any
way to do so.

Have you checked out the SUSE Security Resources?
https://www.suse.com/support/security/

SUSE provides OVAL Descriptions for SUSE Linux Enterprise Products
https://www.suse.com/support/security/oval/

[color=blue]

OVAL® is a XML description and reporting format used to assess and
report the state of an operating system. More in depth information
about OVAL can be found on the Mitre OVAL website.[/color]
[color=blue]
SUSE is currently providing OVAL information for SUSE Linux
Enterprise products that allows to assess and report on the RPM
package versions affected by known security issues in a CVE to RPM
name/version mapping.[/color]
[color=blue]
The OVAL data is provided by SUSE under the Creative Commons License
4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0).[/color]

It would seem that the XML file has the information you are looking for
if you have some way to extract it.


Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.

Cool, I’ll look into that. Thanks again for the help, Kevin. Appreciate it!