PDA

View Full Version : SLES-Other Patch Notification: Patch Finder vs Update Advisories



kkaren
21-Mar-2017, 01:56
Hi,

I'm quite new here, so please bear with me. :)

Which is the official channel for the patch announcements?

Patch Finder: https://download.suse.com/patch/finder/
Update Advisories: https://www.suse.com/support/update/

The Update Advisories seem to be more complete due to the additional information on Security Rating. This piece of information doesn't seem to be available in Patch Finder. Is there a way to retrieve the rating from Patch Finder? Is it possible to request to include the rating in the notifications?

For the advisories, is there a way to subscribe to it? I can't seem to find a way to do this. Any APIs that I can use? Am I missing something?

Thanks,
Karen

KBOYLE
21-Mar-2017, 02:15
kkaren wrote:

> For the advisories, is there a way to subscribe to it? I can't seem to
> find a way to do this.

You can get email notification for patches here:
https://www.suse.com/email/notification/ctrl

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.

kkaren
03-Apr-2017, 07:00
Thanks Kevin. I have already subscribed to the patch notifications. What I'm trying to achieve is to subscribe to the advisories.

I was wondering if there are plans to include or map the severity rating and announcement ID for each security alert to the corresponding patch?

KBOYLE
03-Apr-2017, 16:33
kkaren wrote:

> What I'm trying to achieve is to subscribe to the advisories.

I have inquired about that and currently there doesn't appear to be any
way to do so.

Have you checked out the SUSE Security Resources?
https://www.suse.com/support/security/

SUSE provides OVAL Descriptions for SUSE Linux Enterprise Products
https://www.suse.com/support/security/oval/


> OVALŪ is a XML description and reporting format used to assess and
> report the state of an operating system. More in depth information
> about OVAL can be found on the Mitre OVAL website.

> SUSE is currently providing OVAL information for SUSE Linux
> Enterprise products that allows to assess and report on the RPM
> package versions affected by known security issues in a CVE to RPM
> name/version mapping.

> The OVAL data is provided by SUSE under the Creative Commons License
> 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0).

It would seem that the XML file has the information you are looking for
if you have some way to extract it.


--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.

kkaren
05-Apr-2017, 11:08
Cool, I'll look into that. Thanks again for the help, Kevin. Appreciate it!