Zypper

Zypper is a command line package manager for installing, updating and removing packages as well as for managing repositories.

zypper lp – list all applicable patches.

root# zypper lp
Refreshing service 'SUSE_Linux_Enterprise_Server_12_SP2_x86_64'.
Loading repository data...
Reading installed packages...

Repository | Name | Category | Severity | Interactive | Status | Summary
-------------------+---------------------------------+-------------+----------+-------------+--------+------------------------------------------
SLES12-SP2-Updates | SUSE-SLE-SERVER-12-SP2-2018-614 | recommended | low | --- | needed | Recommended update for aaa_base
SLES12-SP2-Updates | SUSE-SLE-SERVER-12-SP2-2018-616 | recommended | low | --- | needed | Recommended update for xfsprogs
SLES12-SP2-Updates | SUSE-SLE-SERVER-12-SP2-2018-624 | security | moderate | --- | needed | Security update for openssl
SLES12-SP2-Updates | SUSE-SLE-SERVER-12-SP2-2018-626 | recommended | low | --- | needed | Recommended update for yast2-installation

Found 4 applicable patches:
4 patches needed (1 security patch)

root#

zypper info -t patch – show info for the specific patch.

root# zypper info -t patch SUSE-SLE-SERVER-12-SP2-2018-624

Information for patch SUSE-SLE-SERVER-12-SP2-2018-624:
------------------------------------------------------
Repository : SLES12-SP2-Updates
Name : SUSE-SLE-SERVER-12-SP2-2018-624
Version : 1
Arch : noarch
Vendor : maint-coord@suse.de
Status : needed
Category : security
Severity : moderate
Created On : Wed Apr 11 17:03:21 2018
Interactive : ---
Summary : Security update for openssl
Description :
This update for openssl fixes the following issues:

- CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7)
could eventually exceed the stack given malicious input with excessive recursion. This could result
in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from
untrusted sources so this is considered safe. (bsc#1087102).

Provides : patch:SUSE-SLE-SERVER-12-SP2-2018-624 = 1
Conflicts : [8]
libopenssl-devel.x86_64 < 1.0.2j-60.24.1 libopenssl1_0_0.x86_64 < 1.0.2j-60.24.1 libopenssl1_0_0-32bit.x86_64 < 1.0.2j-60.24.1 libopenssl1_0_0-hmac.x86_64 < 1.0.2j-60.24.1 libopenssl1_0_0-hmac-32bit.x86_64 < 1.0.2j-60.24.1 openssl.src < 1.0.2j-60.24.1 openssl.x86_64 < 1.0.2j-60.24.1 openssl-doc.noarch < 1.0.2j-60.24.1

zypper install patch: - install only specific patch.

root# zypper install patch:SUSE-SLE-SERVER-12-SP2-2018-624
Refreshing service 'SUSE_Linux_Enterprise_Server_12_SP2_x86_64'.
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following NEW patch is going to be installed:
SUSE-SLE-SERVER-12-SP2-2018-624

The following 4 packages are going to be upgraded:
libopenssl-devel libopenssl1_0_0 libopenssl1_0_0-32bit openssl

4 packages to upgrade.
Overall download size: 2.8 MiB. Already cached: 0 B. After the operation, additional 63.0 B will be used.
Continue? [y/n/...? shows all options] (y): y
Retrieving package libopenssl1_0_0-1.0.2j-60.24.1.x86_64 (1/4), 1.1 MiB ( 2.9 MiB unpacked)
Retrieving delta: ./x86_64/libopenssl1_0_0-1.0.2j-60.20.2_60.24.1.x86_64.drpm, 91.4 KiB
Retrieving: libopenssl1_0_0-1.0.2j-60.20.2_60.24.1.x86_64.drpm .............................................................................................................[done]
Applying delta: ./libopenssl1_0_0-1.0.2j-60.20.2_60.24.1.x86_64.drpm .......................................................................................................[done]
Retrieving package libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 (2/4), 837.9 KiB ( 2.4 MiB unpacked)
Retrieving delta: ./x86_64/libopenssl1_0_0-32bit-1.0.2j-60.20.2_60.24.1.x86_64.drpm, 91.3 KiB
Retrieving: libopenssl1_0_0-32bit-1.0.2j-60.20.2_60.24.1.x86_64.drpm .......................................................................................................[done]
Applying delta: ./libopenssl1_0_0-32bit-1.0.2j-60.20.2_60.24.1.x86_64.drpm .................................................................................................[done]
Retrieving package openssl-1.0.2j-60.24.1.x86_64 (3/4), 658.9 KiB ( 1.5 MiB unpacked)
Retrieving delta: ./x86_64/openssl-1.0.2j-60.20.2_60.24.1.x86_64.drpm, 69.0 KiB
Retrieving: openssl-1.0.2j-60.20.2_60.24.1.x86_64.drpm .....................................................................................................................[done]
Applying delta: ./openssl-1.0.2j-60.20.2_60.24.1.x86_64.drpm ...............................................................................................................[done]
Retrieving package libopenssl-devel-1.0.2j-60.24.1.x86_64 (4/4), 276.0 KiB ( 1.7 MiB unpacked)
Retrieving delta: ./x86_64/libopenssl-devel-1.0.2j-60.20.2_60.24.1.x86_64.drpm, 54.9 KiB
Retrieving: libopenssl-devel-1.0.2j-60.20.2_60.24.1.x86_64.drpm ............................................................................................................[done]
Applying delta: ./libopenssl-devel-1.0.2j-60.20.2_60.24.1.x86_64.drpm ......................................................................................................[done]
Checking for file conflicts: ...............................................................................................................................................[done]
(1/4) Installing: libopenssl1_0_0-1.0.2j-60.24.1.x86_64 ....................................................................................................................[done]
(2/4) Installing: libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64 ..............................................................................................................[done]
(3/4) Installing: openssl-1.0.2j-60.24.1.x86_64 ............................................................................................................................[done]
(4/4) Installing: libopenssl-devel-1.0.2j-60.24.1.x86_64 ...................................................................................................................[done]
There are some running programs that might use files deleted by recent upgrade. You may wish to check and restart some of them. Run 'zypper ps -s' to list these programs.
root#

Once, this patch is installed, you can check the info for this patch, as it can be seen, the "Status" has changed to applied.

root# zypper info -t patch SUSE-SLE-SERVER-12-SP2-2018-624
Refreshing service 'SUSE_Linux_Enterprise_Server_12_SP2_x86_64'.
Loading repository data...
Reading installed packages...

Information for patch SUSE-SLE-SERVER-12-SP2-2018-624:
------------------------------------------------------
Repository : SLES12-SP2-Updates
Name : SUSE-SLE-SERVER-12-SP2-2018-624
Version : 1
Arch : noarch
Vendor : maint-coord@suse.de
Status : applied
Category : security
Severity : moderate
Created On : Wed Apr 11 17:03:21 2018
Interactive : ---
Summary : Security update for openssl
Description :
This update for openssl fixes the following issues:

- CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7)
could eventually exceed the stack given malicious input with excessive recursion. This could result
in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from
untrusted sources so this is considered safe. (bsc#1087102).

Provides : patch:SUSE-SLE-SERVER-12-SP2-2018-624 = 1
Conflicts : [8]
libopenssl-devel.x86_64 < 1.0.2j-60.24.1 libopenssl1_0_0.x86_64 < 1.0.2j-60.24.1 libopenssl1_0_0-32bit.x86_64 < 1.0.2j-60.24.1 libopenssl1_0_0-hmac.x86_64 < 1.0.2j-60.24.1 libopenssl1_0_0-hmac-32bit.x86_64 < 1.0.2j-60.24.1 openssl.src < 1.0.2j-60.24.1 openssl.x86_64 < 1.0.2j-60.24.1 openssl-doc.noarch < 1.0.2j-60.24.1 root#

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA

*