Hi everybody, I am currently running a SLES 11 SP3 server with activated support subscription, and I wish to apply the patch for DROWN.
In SLES announcement SLES 11 SP3 is not mentioned:
And if I use Yast to search for the online patch, for openSSL I have these ones:
That, as far as I understood, are not related to DROWN.
But if I search with patch finder, I can find a patch for SLES 11 SP3: https://download.suse.com/Download?buildid=Pvwq6yfsO_s~
Is that patch the right one for my SLES?
Hi
If you scroll down the page, the above link does indicate that it
covers the drown cve.
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 SP1|GNOME 3.10.4|3.12.53-60.30-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
I have a similar question, related to update for bind CVE-2017-3135.
My system is based on SUSE Linux Enterprise Server 11-SP3. But the CVE-2017-3135 is for SUSE Linux Enterprise Server 11-SP3-LTSS (Long Term Service Pack Support) only.
My question is whether my 11SP3 version is also affected or not in this case? Since11 SP3 is still supported officially till 2019 year , and the 11SP3 LTSS till 2022, is there any difference between them for patches released till 2019? I mean if patches released for 11SP3 LTSS are valid for 11SP3? (until 2019 year at least)
My understanding is that LTSS is more about what you’ve paid for than
compatibility; if you have SP3, you can pay for LTSS and get longer-term
support rather than upgrading to SP4 or later versions of SLES. As a
result, the patches should be as valid as anything.
Regardless of any of that, you can check an RPM’s changelog to see fixes
that went into it. For example, if ‘bind’ is the package, try this and
look for the bug number or CVE number in the changelog output; there may
be a lot of output, so perhaps pipe it to a pager like ‘less’:
rpm -q --changelog bind
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
On 19/04/17 10:34, bartosz kaszczyszyn1 wrote:
[color=blue]
I have a similar question, related to update for bind CVE-2017-3135.
My system is based on SUSE Linux Enterprise Server 11-SP3. But the
CVE-2017-3135 is for SUSE Linux Enterprise Server 11-SP3-LTSS (Long Term
Service Pack Support) only.
My question is whether my 11SP3 version is also affected or not in this
case? Since11 SP3 is still supported officially till 2019 year , and the
11SP3 LTSS till 2022, is there any difference between them for patches
released till 2019? I mean if patches released for 11SP3 LTSS are valid
for 11SP3? (until 2019 year at least)[/color]