PDA

View Full Version : SLES11-SP3 Package update



vinishrustagi
12-Feb-2015, 14:35
Hi Team,

I have installed OES11-SP2-addon_with_SLES11-SP3-x86_64. Now i just scanned this server by using Nessus Tool.
It showing a lot of vulnerabilities.
please suggest me how to fix this?

ab
12-Feb-2015, 15:10
It would help if you expounded, in great detail, about the
"vulnerabilities" found, and preferably included code to test the exploits.

Often security scanning tools err far on the side of caution, reporting
many things which may be problems based on nothing more than a detected
version number (a terrible test). As a result, details are needed, as are
proper tests.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

smflood
12-Feb-2015, 16:16
On 12/02/2015 13:44, vinishrustagi wrote:

> I have installed OES11-SP2-addon_with_SLES11-SP3-x86_64. Now i just
> scanned this server by using Nessus Tool.
> It showing a lot of vulnerabilities.
> please suggest me how to fix this?

After installing OES11 SP2 with SLES11 SP3 did you then register the
server against the Novell Customer Center (or your own SMT server) and
fully patch the server?

As ab notes, often vulnerabilities are mis-reported because the scanning
software blindly checks the version numbers without actually checking
the vulnerability. For stability reasons, SUSE backport a lot of
security fixes from later versions to earlier versions so whilst at
first glance a component may seem vulnerable it's actually not.

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

vinishrustagi
13-Feb-2015, 11:10
Is SuSE subscription required to update the patches?
Till now, we don't have any paid subscription for SLES11, but we have license of Novell Groupwise.
Is Suse server also included in that.Please suggest.

ab
13-Feb-2015, 12:20
On 02/13/2015 03:14 AM, vinishrustagi wrote:
>
> Is SuSE subscription required to update the patches?

Via software repositories? Yes.

> Till now, we don't have any paid subscription for SLES11, but we have
> license of Novell Groupwise.
> Is Suse server also included in that.Please suggest.

Whether or not it comes with SLES licenses is beyond me; your GW sales or
account representative should be able to tell you easily.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

smflood
13-Feb-2015, 12:25
On 13/02/2015 10:14, vinishrustagi wrote:

> Is SuSE subscription required to update the patches?

Yes.

> Till now, we don't have any paid subscription for SLES11, but we have
> license of Novell Groupwise.
> Is Suse server also included in that.Please suggest.

I think that a license for SLES is included with GroupWise however you
installed Novell Open Enterprise Server (OES) which won't be covered. If
you have OES you need a subscription from Novell which will cover
updates for both OES and the underlying SLES - you need to update both.

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

Massimo Rosen
21-Dec-2016, 00:21
Am 13.02.2015 um 12:25 schrieb Simon Flood:
> On 13/02/2015 10:14, vinishrustagi wrote:
>
>> Is SuSE subscription required to update the patches?
>
> Yes.
>
>> Till now, we don't have any paid subscription for SLES11, but we have
>> license of Novell Groupwise.
>> Is Suse server also included in that.Please suggest.
>
> I think that a license for SLES is included with GroupWise however you
> installed Novell Open Enterprise Server (OES) which won't be covered. If
> you have OES you need a subscription from Novell which will cover
> updates for both OES and the underlying SLES - you need to update both.

Not to mention that while SLES is Open Source and you are legally
allowed to run it without paying (albeit have no support and no access
to patches), OES is not. Using OES without valid license is software piracy.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de