PDA

View Full Version : SLES 11 SP2 BASH security updates??



briggs1
30-Sep-2014, 11:44
Hi,
We run SLES 11 SP2 because we are a Novell GroupWise customer, and at the moment, we only have these servers to allow us to run the mobility pack for Email sync with GroupWise.
That said, we will be deploying GroupWise 2014 onto SLES at some point in the future. It's fair to say my skills on SLES/Linux are near nill!
I've ran the online update on our server, and installed all updates (as per article 7015702 - used 'zypper up'). I'd assumed this would have me all set with the latest fixes and versions, but more specifically the recent BASH vulnerabilities. But it's now reporting I'm on the latest version - bash-3.2-147.14.18.1.x86_64.
But in article CVE-2014-7169 it states the version 3.2-147.14.22.1.

How do I ensure I am definitely all up to date? Can I manually install this or is there something that needs to be done with the update repositories?

I have active GroupWise maintenance, which covers the use of SLES for use with GroupWise, so I'd hope that entitles me to all updates - surely?

Thanks in advance, Alan

mikewillis
30-Sep-2014, 12:55
Hi,
We run SLES 11 SP2 because we are a Novell GroupWise customer, and at the moment, we only have these servers to allow us to run the mobility pack for Email sync with GroupWise.
That said, we will be deploying GroupWise 2014 onto SLES at some point in the future. It's fair to say my skills on SLES/Linux are near nill!
I've ran the online update on our server, and installed all updates (as per article 7015702 - used 'zypper up'). I'd assumed this would have me all set with the latest fixes and versions, but more specifically the recent BASH vulnerabilities. But it's now reporting I'm on the latest version - bash-3.2-147.14.18.1.x86_64.
But in article CVE-2014-7169 it states the version 3.2-147.14.22.1.

How do I ensure I am definitely all up to date? Can I manually install this or is there something that needs to be done with the update repositories?

I have active GroupWise maintenance, which covers the use of SLES for use with GroupWise, so I'd hope that entitles me to all updates - surely?

What your particular maintenance covers isn't something people on the forums can definitely answer, but the article you cite https://www.suse.com/support/kb/doc.php?id=7015702 doesn't list SLES 11 SP2. (General Support for SLES 11 SP2 has ended.) It does list SUSE Linux Enterprise Server 11 SP2 LTSS, where LTSS is Long Term Service Pack Support. If you have LTSS then you need to add the LTSS repositories as described in the article. If you don't have LTSS...


4. Applying CVE related fixes if you don't have LTSS maintenance:

Due to the nature of this issue, it was decided that patches would be made available to active subscription customers who don't have an LTSS agreement or not for SLES10SPx and SLES11SPx. For further information about this, please contact Customer Support.
It doesn't actually say how to go about contacting Customer Support but info can be found via https://www.suse.com/support/ (Forums are not an official support channel.) Best bet is probably to open a Service Request. If you can't open a Service Request yourself, talk to whoever it is in your organisation handles your licensing as they should be able to. If you can't raise a Service Request, on the Service Request pages, there's a section on the left which should show you a phone number and if not look for a Support number at https://www.suse.com/ContactsOffices/contacts_offices.jsp