Mailinglist Archive: opensuse-security (24 mails)

< Previous Next >
Re: [opensuse-security] Re: [security-announce] SUSE-SU-2014:1247-1: important: Security update for bash
  • From: Chris Ellis <chris@xxxxxxxxxxx>
  • Date: Wed, 8 Oct 2014 11:23:22 +0100
  • Message-id: <CAF0QPmg=KGEZ1QGpt2aZyG5UGeeqEfY9TbA2J_LCGbGOX0AF0g@mail.gmail.com>
Hi Joe

On Wed, Oct 8, 2014 at 10:49 AM, Joe Schönberg <joeml@xxxxxxxxxxxx> wrote:
Hello all,

Am Montag, 29. September 2014 13:48:03 schrieb Marcus Meissner:
Hi,

Let me refer you to:
https://www.suse.com/support/shellshock/

How to find the packages for SLES11SP2 then?

My system is under patch support and registered, but:

zypper in -t patch sleman17sp2-bash-9779
Loading repository data...
Reading installed packages...
'sleman17sp2-bash-9779' not found in package names. Trying capabilities.
No provider of 'patch:sleman17sp2-bash-9779' found.

I hoped the patch was installed automatically via my update script
while I was in holiday - for the non enterprise Suse systems it was ...

The bash version of my SLES11SP2 is

GNU bash, version 3.2.51(1)-release (x86_64-suse-linux-gnu)

and still vulnerable regarding the usual test script.

I have still pending

kernel-default-3.0.101-0.7.17.1 kernel-default-base-3.0.101-0.7.17.1

which I don't want to install just now because most kernel patches had
broken multipathing in the past.
Is there a dependency with that kernel patch?


Joe


Rather than asking the openSUSE community, would it not be better to ask SUSE,
if you've got a support agreement with them, then raise a ticket.

Reading: https://www.suse.com/support/shellshock/ points me to the patch finder,
which lists:

https://download.suse.com/Download?buildid=nNXClbWqawg~

Also, have you tried:

zypper update bash

or

zypper patch --cve CVE-2014-6271


Regards,
Chris
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
References