Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
608 views

OES2018 and security patching

This month's security alerts about the Meltdown and Spectre
vulnerabilities are already addressed by SUSE:

On SLES12 SP2 with patches to the 4.4.103-92.56.1 kernel
On SLES11 SP4 with patches to the 3.0.101-108.21.1 kernel
https://www.suse.com/security/cve/CVE-2017-5753/
+ of course other patches are needed

So that OES2015SP1 since about a week ago can be patched against these
CVEs.

However OES2018 does not use the SUSE repos for the base OS; instead it
gets updates from OES2018-SLES12-SP2-Updates. In this respect it is
more like a SLES appliance than previous releases. That and the move to
SLE12 I embrace as being good thing, although not without its teething
problems: I did successfully upgrade this from 2015SP1 with IDM 4.62
after a moderate struggle.

Right now though, my fully patched OES2018 test machine is only on
kernel 4.4.74-92.38.1 and so is not patchable against the Meltdown and
Spectre vulnerabilities (unlike its predecessor). The kernel version
marks this repository as being about 3 months behind the cusp of the
SLES12 SP2 repos.

I am hoping that the current lag between the SLES and OES_SLES repos is
not going to be a permanent one; at the moment, it is part of the
argument against upgrading live servers.

PaulK
Labels (2)
0 Likes
2 Replies
Absent Member.
Absent Member.

On 11/01/18 10:06, thsundel wrote:
>
> More info here:
> https://www.novell.com/communities/coolsolutions/spectre-meltdown-vulnerabilities-open-enterprise-server-oes/
>
> Thomas
>
>

Well that's positive. I'll await the actual release for 2018 in the
Integrated Update Channel.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.