Online Update Question

I was wondering if it is OK to do an OnLine Update and installing any available patches on my SLES SP3 server with GroupWise 2012?
I was reading this Bash vulnerability and started getting worried,
and then wondered if Updates would address this vulnerability.
Anyone up to date on this issue and is it covered in patches from Online Updates?


>>>>>

New 'Bash' software bug may pose bigger threat than 'Heartbleed' http://a.msn.com/01/en-us/BB5AiOm

>>>>>
Parents
  • dkamp;2334514 wrote:
    I was wondering if it is OK to do an OnLine Update and installing any available patches on my SLES SP3 server with GroupWise 2012?
    I was reading this Bash vulnerability and started getting worried,
    and then wondered if Updates would address this vulnerability.
    Anyone up to date on this issue and is it covered in patches from Online Updates?


    >>>>>

    New 'Bash' software bug may pose bigger threat than 'Heartbleed' http://a.msn.com/01/en-us/BB5AiOm

    >>>>>



    I applied all updates to two SLES servers (no OES) this morning without an issue. You should be fine and I'd definitely recommend getting the bash patches on there, especially if you have servers facing the internet side with Web(Access) services.
  • On advise from a Linux person this is the procedure we used for our GroupWise and Data Synchronizer servers.
    Hope it helps someone else.

    rpm -qa | grep -E "bash|readline|openssl|http" | sort
    suse_register -d 2 -L /root/.suse_register.log
    zypper refresh -s
    zypper repos
    zypper -n -q lu 2>
  • dkamp;2334851 wrote:
    On advise from a Linux person this is the procedure we used for our GroupWise and Data Synchronizer servers.


    Interesting way to patch :) I'm curious, why not apply all patches for SLES, and just apply those selective patches? I'd opt for keeping the system as updated as possible for all packages that are running on it.

    Cheers,
    Willem
  • dkamp;2334851 wrote:
    On advise from a Linux person this is the procedure we used for our GroupWise and Data Synchronizer servers.


    Interesting way to patch :) I'm curious, why not apply all patches for SLES, and just apply those selective patches? I'd opt for keeping the system as updated as possible for all packages that are running on it.

    Cheers,
    Willem
  • dkamp;2334851 wrote:
    On advise from a Linux person this is the procedure we used for our GroupWise and Data Synchronizer servers.


    Interesting way to patch :) I'm curious, why not apply all patches for SLES, and just apply those selective patches? I'd opt for keeping the system as updated as possible for all packages that are running on it.

    Cheers,
    Willem
  • For security and political issues, we needed to show we were Proactive on the Bash, and OpenSSL issue. Since the Bash patch was so recent the Online Update did not show patch yet, so this is the method I was asked to do.
    I do plan on scheduling a down time for any other patches as soon as they will allow downtime again.


    >>>>>>>>>>>>>>>>>



    >>> magic31magic31@no-mx.forums.novell.com> 9/29/2014 7:36 AM >>



    > Interesting way to patch :) I'm curious, why not apply all patches for
    > SLES, and just apply those selective patches? I'd opt for keeping the
    > system as updated as possible for all packages that are running on it.



    > Cheers,
    > Willem



    --
    Knowledge Partner (voluntary sysop)
    ---
    If you find a post helpful and are logged into the web interface,
    please show your appreciation and click on the star below it. Thanks!
    ------------------------------------------------------------------------
    magic31's Profile: https://forums.novell.com/member.php?userid=2303
    View this thread: https://forums.novell.com/showthread.php?t=479523
Reply
  • For security and political issues, we needed to show we were Proactive on the Bash, and OpenSSL issue. Since the Bash patch was so recent the Online Update did not show patch yet, so this is the method I was asked to do.
    I do plan on scheduling a down time for any other patches as soon as they will allow downtime again.


    >>>>>>>>>>>>>>>>>



    >>> magic31magic31@no-mx.forums.novell.com> 9/29/2014 7:36 AM >>



    > Interesting way to patch :) I'm curious, why not apply all patches for
    > SLES, and just apply those selective patches? I'd opt for keeping the
    > system as updated as possible for all packages that are running on it.



    > Cheers,
    > Willem



    --
    Knowledge Partner (voluntary sysop)
    ---
    If you find a post helpful and are logged into the web interface,
    please show your appreciation and click on the star below it. Thanks!
    ------------------------------------------------------------------------
    magic31's Profile: https://forums.novell.com/member.php?userid=2303
    View this thread: https://forums.novell.com/showthread.php?t=479523
Children
No Data