Security advisories scope

xaoc · June 1, 2016, 3:31pm

Hi,
We are supporting SLES 11 SP3 LTSS systems and proactively monitor the security update advisories for newly discovered vulnerabilities and fixes. So far we have been filtering the list based on Affected Products but since SP3 went out of general support end of Jan, we are concerned that the we may “miss” some advisories which impact this particular version. In other words, can you confirm that the “Affected Products” list for each advisory is complete and full representation of the scope for the vulnerability in question? For example the recent ntp vulnerability has listed only SLES SP4 as affected product, can we assume than it is NOT applicable for SP3?
Thank you for a swift answer!

Jens-U · June 1, 2016, 3:39pm

Hi xaoc,

[QUOTE=xaoc;32755]Hi,
We are supporting SLES 11 SP3 LTSS systems and proactively monitor the security update advisories for newly discovered vulnerabilities and fixes. So far we have been filtering the list based on Affected Products but since SP3 went out of general support end of Jan, we are concerned that the we may “miss” some advisories which impact this particular version. In other words, can you confirm that the “Affected Products” list for each advisory is complete and full representation of the scope for the vulnerability in question? For example the recent ntp vulnerability has listed only SLES SP4 as affected product, can we assume than it is NOT applicable for SP3?
Thank you for a swift answer![/QUOTE]

as this is a security-related question asking for official statements from SUSE, I suggest you contact your SUSE representative to receive an official reply / statement. The SUSE forums are for user-to-user communications, so any answer you receive here would have no binding effect and no official SUSE representative is monitoring these forums.

Regards,
J.

ab1 · June 1, 2016, 3:45pm

I believe so, but that is based on a patch from earlier this year. The
page like yours is here:

https://www.suse.com/support/update/announcement/2016/suse-su-20161301-1.html

The page for the specific vulnerability was here, and updated as patches
were released for various SPs/builds of SLE and ImageMagick:

https://www.suse.com/security/cve/CVE-2016-3714.html

Notice that, despite being earlier this year, this has SP2 and SP3 LTSS
included.

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

Topic		Replies	Views
SLES11-SP3 Package update SLES Updates	6	187	December 21, 2016
Suse Patch Finder – SLES SP3 SUSE Linux Enterprise Server	0	493	September 20, 2022
Attempting to upgrade SLES11 SP3 to SP4 SLES Updates	1	194	September 27, 2016
OpenSSL security updates for SLES 11.3 SLES Configure-Administer	4	192	June 3, 2016
About the Meltdown/Spectre updates SLES Updates	2	251	January 17, 2018

Security advisories scope

Related Topics