[opensuse-security] OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from announcement
Hi there,

At Mon, 1 Feb 2016 16:11:19 +0100 (CET) an openSUSE-SU-2016:0301-1 security update for the kernel of openSUSE 13.1 got announced.

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html

It mentions that kernel 3.11.10-32.1 fixes these issues.

I verified that many updates/fixes, including those mentioned in the advisory, are already incorporated in the git version as available from http://download.opensuse.org/repositories/Kernel://openSUSE-13.1/standard/src/kernel-source-3.11.10-170.1.g1e76e80.src.rpm

But when checking with http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.... which explicitly carries the version which is mentioned in the security announcement and is also from 1 Feb 2016, I noticed that the actual security fixes are missing in this package!

You may easily verify the issue by either looking at series.conf in the supposed update package or simply checking the changelog.

rpm -qpi --changelog kernel-source-3.11.10-170.1.g1e76e80.src.rpm |grep 'Source Timestamp'
Source Timestamp: 2016-01-20 15:13:45 +0100

versus

rpm -qpi --changelog http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.... |grep 'Source Timestamp'
Source Timestamp: 2015-03-05 17:24:00 +0100

The latter is definitely outdated.

I can only assume that maybe something is wrong with the OBS setup. Maybe Coolo can shed some light on the issue.

Kind regards
--martin konold

--
Dipl.-Physiker Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Registergericht: Amtsgericht Stuttgart PR 126
Firmensitz: Adolfstraße 23, 70469 Stuttgart
fon: 0711 67400963 fax: 0711 67400959
email: martin.konold@erfrakon.de http://www.erfrakon.de

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org
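The timestamp comparison from the message above, as an added example that is not part of the original thread: a POSIX shell check that reads `rpm -qpi --changelog` output on stdin and flags kernel sources much older than the advisory announcing them. The function names and the 90-day default threshold are assumptions; the sample lines are constructed from the two timestamps quoted in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Typical use (package name is a placeholder):
#   rpm -qpi --changelog <kernel-source src.rpm> | check_update 2016-02-01
# Function names and the 90-day default threshold are assumptions.

# Print the first "Source Timestamp:" date (YYYY-MM-DD) found on stdin.
source_date() {
    sed -n 's/^.*Source Timestamp:[[:space:]]*\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\).*$/\1/p' | head -n 1
}

# Convert YYYY-MM-DD to days since 1970-01-01 without relying on GNU date.
# Time of day and UTC offset are ignored; a day of error is irrelevant here.
day_number() (
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    m=${m#0}; d=${d#0}                  # avoid octal parsing of 08 and 09
    if [ "$m" -le 2 ]; then y=$((y - 1)); m=$((m + 12)); fi
    echo $(( 365*y + y/4 - y/100 + y/400 + (153*(m - 3) + 2)/5 + d - 719469 ))
)

# check_update ADVISORY_DATE [MAX_AGE_DAYS]   (changelog text on stdin)
# Exit status: 0 sources recent enough, 1 stale, 2 no timestamp in the input.
check_update() (
    src=$(source_date)
    [ -n "$src" ] || { echo "no Source Timestamp in input" >&2; exit 2; }
    age=$(( $(day_number "$1") - $(day_number "$src") ))
    if [ "$age" -gt "${2:-90}" ]; then
        echo "STALE: sources from $src are $age days older than the advisory"
        exit 1
    fi
    echo "ok: sources from $src are $age days older than the advisory"
)

# Constructed sample input: the two timestamp lines quoted in the message.
sample_git='Source Timestamp: 2016-01-20 15:13:45 +0100'
sample_update='Source Timestamp: 2015-03-05 17:24:00 +0100'
printf '%s\n' "$sample_git"    | check_update 2016-02-01 || true
printf '%s\n' "$sample_update" | check_update 2016-02-01 || true
```

A non-zero exit status makes the check usable as a gate in a mirror or patch-management job before an update is rolled out.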
Hi,

I can confirm this. This was a mistake on our side, caused by some confusion of the handling of evergreen updates. We will reissue this kernel (or if quicker, do the 3.12 update).

Ciao, Marcus

On Wed, Feb 03, 2016 at 08:46:48AM +0100, Martin Konold wrote:
Hi there,
At Mon, 1 Feb 2016 16:11:19 +0100 (CET) an openSUSE-SU-2016:0301-1 security update for the kernel of openSUSE 13.1 got announced.
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html
It mentions that kernel 3.11.10-32.1 fixes these issues.
I verified that many updates/fixes including those mentioned in the advisory are already incorporated in the git version as available from http://download.opensuse.org/repositories/Kernel://openSUSE-13.1/standard/src/kernel-source-3.11.10-170.1.g1e76e80.src.rpm
But when checking with http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.... which explicitly carries the version which is mentioned in the security announcement and is also from 1 Feb 2016 I noticed that the actual security fixes are missing in this package!
You may easily verify the issue by either looking at series.conf in the supposed update package or simply check the changelog.
rpm -qpi --changelog kernel-source-3.11.10-170.1.g1e76e80.src.rpm |grep 'Source Timestamp'
Source Timestamp: 2016-01-20 15:13:45 +0100
versus
rpm -qpi --changelog http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.... |grep 'Source Timestamp'
Source Timestamp: 2015-03-05 17:24:00 +0100
The latter is definitely outdated.
I can only assume that maybe something is wrong with the OBS setup. Maybe Coolo can shed some light on the issue.
Kind regards --martin konold
-- Dipl.-Physiker Martin Konold
e r f r a k o n Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker Registergericht: Amtsgericht Stuttgart PR 126 Firmensitz: Adolfstraße 23, 70469 Stuttgart fon: 0711 67400963 fax: 0711 67400959 email: martin.konold@erfrakon.de http://www.erfrakon.de
-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de>
participants (2)
- Marcus Meissner
- Martin Konold