PDA

View Full Version : SLES 9 SP4 Nessus scan vulnerabilities



ztenj
13-Aug-2012, 22:30
Hello we have some servers without internet access, in which we run a Nessus security scan and in the result of the scan we got around 200 vulnerabilities between high and medium severity, most of them have a recomended solution in which a certain YOU patch number should be installed.

After checking all the vulnerabilities I found out that I have to install 225 patches. where could I download this patches? and is there a way to download this patches as a bulk/point release/service pack etc??

an example of the patches that nessus recoments to download are the following:
SuSE9 Security Update : Samba (YOU Patch Number 12622)
SuSE9 Security Update : Samba (YOU Patch Number 12644)
SuSE9 Security Update : Samba (YOU Patch Number 12812)
SuSE9 Security Update : sendmail (YOU Patch Number 12590)
SuSE9 Security Update : squid (YOU Patch Number 12004)
SuSE9 Security Update : squid (YOU Patch Number 12135)
SuSE9 Security Update : squid (YOU Patch Number 12597)
SuSE9 Security Update : tar (YOU Patch Number 12596)
SuSE9 Security Update : the Linux kernel (YOU Patch Number 12578)
SuSE9 Security Update : the Linux kernel (YOU Patch Number 12646)
SuSE9 Security Update : the Linux kernel (YOU Patch Number 12672)


Thanks

malcolmlewis
13-Aug-2012, 23:00
Hello we have some servers without internet access, in which we run a
Nessus security scan and in the result of the scan we got around 200
vulnerabilities between high and medium severity, most of them have a
recomended solution in which a certain YOU patch number should be
installed.

After checking all the vulnerabilities I found out that I have to
install 225 patches. where could I download this patches? and is there a
way to download this patches as a bulk/point release/service pack etc??

an example of the patches that nessus recoments to download are the
following:
SuSE9 Security Update : Samba (YOU Patch Number 12622)
SuSE9 Security Update : Samba (YOU Patch Number 12644)
SuSE9 Security Update : Samba (YOU Patch Number 12812)
SuSE9 Security Update : sendmail (YOU Patch Number 12590)
SuSE9 Security Update : squid (YOU Patch Number 12004)
SuSE9 Security Update : squid (YOU Patch Number 12135)
SuSE9 Security Update : squid (YOU Patch Number 12597)
SuSE9 Security Update : tar (YOU Patch Number 12596)
SuSE9 Security Update : the Linux kernel (YOU Patch Number 12578)
SuSE9 Security Update : the Linux kernel (YOU Patch Number 12646)
SuSE9 Security Update : the Linux kernel (YOU Patch Number 12672)


Thanks



Hi
All the patches are here: http://download.novell.com/patch/psdb/ if you
have an active subscription, shouldn't be a problem to download. I
don't think there is an easier way except manually.

--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 3.0.34-0.7-default
up 15 days 18:32, 2 users, load average: 0.49, 0.55, 0.50
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU

dirkmueller
24-Aug-2012, 09:27
The easiest way would be to run YaST2 and select "System Update".

smflood
24-Aug-2012, 13:40
On 24/08/2012 09:34, dirkmueller wrote:

> The easiest way would be to run YaST2 and select "System Update".

Not if the OP has some servers without internet access ...
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------

smflood
24-Aug-2012, 13:45
On 13/08/2012 22:34, ztenj wrote:

> Hello we have some servers without internet access, in which we run a
> Nessus security scan and in the result of the scan we got around 200
> vulnerabilities between high and medium severity, most of them have a
> recomended solution in which a certain YOU patch number should be
> installed.
>
> After checking all the vulnerabilities I found out that I have to
> install 225 patches. where could I download this patches? and is there a
> way to download this patches as a bulk/point release/service pack etc??
>
> an example of the patches that nessus recoments to download are the
> following:
> SuSE9 Security Update : Samba (YOU Patch Number 12622)
> SuSE9 Security Update : Samba (YOU Patch Number 12644)
> SuSE9 Security Update : Samba (YOU Patch Number 12812)
> SuSE9 Security Update : sendmail (YOU Patch Number 12590)
> SuSE9 Security Update : squid (YOU Patch Number 12004)
> SuSE9 Security Update : squid (YOU Patch Number 12135)
> SuSE9 Security Update : squid (YOU Patch Number 12597)
> SuSE9 Security Update : tar (YOU Patch Number 12596)
> SuSE9 Security Update : the Linux kernel (YOU Patch Number 12578)
> SuSE9 Security Update : the Linux kernel (YOU Patch Number 12646)
> SuSE9 Security Update : the Linux kernel (YOU Patch Number 12672)

Presumably these servers do have network access and since you say some
servers don't that implies at least one server does so internet access
is available?

If that's the case then why not set up a local patch server that can
access patches via the internet and which your local servers can then
pull patches from? You could use SUSE's SMT product to handle this for you.

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------