RE: [suse-security] System Update and Online Update
Thanks. To make it more clear for my last question, how can I find out if my SUSE box has got a specific vulnerability fixed so that I should not bother to patch it? I just installed fou4s and am reading the man pages for usage help. BTW, could this utility check patches for both application and kernel? Could it install/uninstall applications?

ben

-----Original Message-----
From: Armin Schoech [mailto:armin.schoech@web.de]
Sent: April 16, 2004 15:14
To: suse-security@suse.com
Subject: Re: [suse-security] System Update and Online Update

Hi,
I come to be working on some stuff of patch on SUSE Linux. And I wonder if you or someone else out there could recommend some site or provide some patch architecture information on SUSE about how vulnerabilities are detected and patched.
--> I don't really understand your question. There is no standard way of detecting a vulnerability. In general, someone out there finds a vulnerability either by looking through the source code (code-auditing) or by stumbling upon it when something doesn't work as expected or desired. Most often, the vulnerability is first released to the distributors (like SuSE) so they can fix it before it goes public and can be exploited.

Regarding patches: SuSE prepares updated RPM-packages which are published on the SuSE FTP-servers. If you want to get notification about them, subscribe to "suse-security-announce". Minor updates are not announced but simply turn up on the FTP server. To keep your system up-to-date, monitor the FTP-server regularly or run YOU/fou4s regularly (at least once a week).

HTH to answer your questions,
Armin
--
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
Hello,
To make it more clear for my last question, how can I find out if my SUSE box has got a specific vulnerability fixed so that I should not bother to patch it?
--> you have to look at the changelog of the specific package. "rpm -q --changelog k_deflt | more" lists all changes and patches applied to the default kernel. The same can be used for any application e.g. "rpm -q --changelog openssh"
BTW, could this utility check patches for both application and kernel? Could it install/uninstall applications?
--> Fou4s will update all SuSE packages that you have installed on your system. It will not update packages which are not supported by SuSE (unless you write your own patch description files for these packages). Fou4s is used to update packages that are already installed; it is not meant for installing/uninstalling packages. Use "YaST" instead or the "rpm -U/-i" command from the commandline.

Cheers,
Armin
--
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
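
The changelog check described in the reply above, as an added example that is not part of the original thread: it scans `rpm -q --changelog` output for advisory IDs. The helper names, the sample changelog and the IDs in it are constructed, and the script assumes the 2004-era `CAN-` prefix and `CVE-` name the same entry.

```shell
#!/bin/sh
# Added example, not from the thread. On a real system:
#   rpm -q --changelog openssh | changelog_mentions CAN-xxxx-xxxx
# changelog_mentions / normalize_id are hypothetical helper names.

# Upper-case an ID and map the candidate prefix CAN- to CVE-.
normalize_id() {
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]' | sed 's/^CAN-/CVE-/'
}

# Reads changelog text on stdin and prints one line per requested ID:
# "MENTIONED <id>" or "NOT-MENTIONED <id>". Returns 0 only if all were found.
changelog_mentions() {
    # Normalise the changelog the same way as the IDs.
    log=$(tr '[:lower:]' '[:upper:]' |
          sed 's/CAN-\([0-9]\{4\}-[0-9]\{4,\}\)/CVE-\1/g')
    rc=0
    for id in "$@"; do
        want=$(normalize_id "$id")
        # -F: literal match; -w: a truncated ID must not match a longer one.
        if printf '%s\n' "$log" | grep -qwF -- "$want"; then
            echo "MENTIONED $id"
        else
            echo "NOT-MENTIONED $id"
            rc=1
        fi
    done
    return $rc
}

# Constructed changelog in the layout rpm prints (IDs are placeholders).
sample_changelog() {
cat <<'EOF'
* Wed Apr 14 2004 - packager@example.com
- security fix for buffer handling (CAN-0000-0001)
* Mon Mar 01 2004 - packager@example.com
- update to new upstream version
EOF
}

sample_changelog | changelog_mentions CVE-0000-0001 CAN-0000-0002 || true
```

NOT-MENTIONED only means the changelog does not cite that ID, since packagers do not always name it; compare against the suse-security-announce advisory for the package before drawing a conclusion.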
participants (2)
- Armin Schoech
- Gao, Ruidong