Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]

10 Patches

The Main Menu › Patches menu from the left bar helps tracking the availability and application of patches to your managed systems.

The Main Menu › Patches › Patches page displays all or relevant patches for at least one of your managed systems that have not been applied yet.

Note
Note: Receiving Patches for Your System

To receive an e-mail when patches are issued for your system, go to Main Menu › Home › Your Preferences and select Receive email notifications.

SUSE distinguishes three types of patches: security updates, bug fix updates, and enhancement updates. Each patch consists of a summary of the problem and solution, including the RPM packages fixing the problem.

Icons are used to identify the three types:

  • Security Alert — Security Updates available, strongly recommended

  • Bug Fix Alert — Bug Fix Updates available, recommended

  • Enhancement Alert — Enhancement Updates available, optional

A summary of each patch is provided in list form displaying its type, advisory ID, synopsis (with the severity as a textual prefix in case of security updates, such as critical, important, moderate, or low), number of affected systems in your network, and date updated.

In addition, you may view patches by product line at the following location: http://download.suse.com/patch/psdb/. For more information on security updates, see https://www.suse.com/support/security/.

10.1 Relevant

The Relevant patches page displays a customized list of patches applying to your registered systems.

patches relevant patches

Clicking an Advisory ID of a patch takes you to the Details page of the Patch Details page. Clicking the number of associated systems takes you to the Affected Systems page of the Patch Details page. Refer to Section 10.2.2, “Patch Details” for more information.

10.2 All

The All patches page displays a list of all patches released by SUSE, irrelevant of whether they apply to your registered systems or not.

patches all patches

Like in the Relevant Patches page, clicking either Advisory or the number of systems affected takes you to related tabs of the Patch Details page. Refer to Section 10.2.2, “Patch Details” for more information.

10.2.1 Applying Patches

Patches include a list of updated packages. To apply patches to a system, the system must be entitled.

Apply all applicable patches to a system by clicking Main Menu › Systems › Systems. Click the name of an entitled system. Then open the System Details › Software › Patches subtab. When the relevant patch list appears, click Select All then Apply Patches. Only patches not scheduled, scheduled but failed, or canceled patches are listed. Pending updates are excluded.

In addition, users with appropriate roles can apply patches using two other methods:

  • To apply a specific patch to one or more systems, locate it in the patch list and click the number of systems affected, which takes you to the Affected Systems page of the Patch Details page. Select the individual systems to be updated and click the Apply Patches button. Double-check the systems to be updated on the confirmation page, then click the Confirm button.

  • To apply more than one patch to one or more systems, select the systems from the Main Menu › Systems › Systems list. Click the Main Menu › Systems › System Set Manager › Overview, then click the Systems tab. After ensuring the appropriate systems are selected, click the Patches tab, select the patches to apply, and click the Apply Patches button. Schedule a date and time for the patch to be applied. Default is the current date. Click the Confirm button. You can follow the progress of the patch application via the Pending Actions list. Refer to Chapter 15, Schedule for more details.

Important
Important

If you use scheduled package installation, the packages or patches are installed via the configured contact method. For more information, see Book “Best Practices”, Chapter 8 “Contact Methods”, Section 8.2 “Traditional Contact Method (rhnsd)”.

The following rules apply to patches:

  • Each package is a member of one or more channels. If a selected system is not subscribed to a channel containing the package, the update will not be installed on that system.

  • If a newer version of the package is already installed on the system, the update will not be installed.

  • If an older version of the package is installed, the package will be upgraded.

10.2.2 Patch Details

If you click the advisory of a patch in the Relevant or All pages, its Patch Details page appears. This page is further divided into the following tabs:

10.2.2.1 Patch Details › Details

This subtab displays the patch report issued by SUSE. It provides a synopsis of the patch first (with the severity as a textual prefix in case of security updates, such as critical, important, moderate, or low), issue date, and any update dates. This is followed by a description of the patch and the steps required to resolve the issue.

Below the Affected Channels label, all channels that contain the affected package are listed. Clicking a channel name displays the Packages subtab of the Channel Details page for that channel. Refer to Section 11.1.7, “Channel Details” for more information.

Security updates list the specific vulnerability as tracked by http://cve.mitre.org. This information is listed below the CVEs label.

OVAL is an open vulnerability and assessment language promoted by Mitre, http://oval.mitre.org. Clicking the link below the Oval label downloads this information to your system. More useful are the SUSE Update Advisories at https://www.suse.com/support/update/.

10.2.2.2 Patch Details › Packages

This page provides links to each of the updated RPMs by channel. Clicking the name of a package displays its Package Details page.

10.2.2.3 Patch Details › Affected Systems

This page lists systems affected by the patches. You can apply updates here. (See Section 10.2.1, “Applying Patches”.) Clicking the name of a system takes you to its System Details page. Refer to Section 7.3, “System Details” for more information.

To determine whether an update has been scheduled, refer to the Status column in the affected systems table. Possible values are: N/A, Pending, Picked Up, Completed, and Failed. This column identifies only the last action related to a patch. For example, if an action fails and you reschedule it, this column shows the status of the patch as pending with no mention of the previous failure. Clicking a status other than N/A takes you to the Action Details page. This column corresponds to one on the Patch tab of the System Details page.

10.3 Advanced Search

The Main Menu › Patches › Advanced Search page allows you to search through patches by specific criteria.

patches advanced search patches
  • All Fields — Search patches by synopsis, description, topic, or solution.

  • Patch Advisory — The name or the label of the patch.

  • Package Name — Search particular packages by name:

    kernel

    Results will be grouped by advisory. For example, searching for 'kernel' returns all package names containing the string kernel, grouped by advisory.

  • CVE — The name assigned to the security advisory by the Common Vulnerabilities and Exposures (CVE) project at http://cve.mitre.org. For example:

    CVE-2006-4535

To filter patch search results, check or uncheck the boxes next to the type of advisory:

  • Bug Fix Advisory — Patches that fix issues reported by users or discovered during development or testing.

  • Security Advisory — Patches fixing a security issue found during development, testing, or reported by users or a software security clearing house. A security advisory usually has one or more CVE names associated with each vulnerability found in each package.

  • Product Enhancement Advisory — Patches providing new features, improving functionality, or enhancing performance of a package.

10.4 Manage Patches

Custom patches enable organizations to issue patch alerts for the packages in their custom channels, schedule deployment and manage patches across organizations.

patches published patches
Warning
Warning

If the organization is using both SUSE Manager and SUSE Manager Proxy server, then manage patches only on the SUSE Manager server since the proxy servers receive updates directly from it. Managing patches on a proxy in this combined configuration risks putting your servers out of synchronization.

10.4.1 Creating and Editing Patches

To create a custom patch alert, proceed as follows:

  1. Click Main Menu › Patches › Manage Patches › Published. Then on the Patches Management page, click Create Patch.

patches create patch
  1. Enter a label for the patch in the Advisory field, ideally following a naming convention adopted by your organization.

  2. Complete all remaining required fields, then click the Create Patch button. View standard SUSE Alerts for examples of properly completed fields.

Patch management distinguishes between published and unpublished patches.

  • Published : this page displays the patch alerts the organization has created and disseminated. To edit an existing published patch, follow the steps described in Section 10.4.1, “Creating and Editing Patches”. To distribute the patch, click Send Notification in the Send Patch Mail section on the top of the Patch Details page. The patch alert is sent to the administrators of all affected systems.

  • Unublished : this page displays the patch alerts your organization has created but not yet distributed. To edit an existing unpublished patch, follow the steps described in Section 10.4.1, “Creating and Editing Patches”. To publish the patch, click Publish Patch on the top-right corner of the Patch Details page. Confirm the channels associated with the patch and click the Publish Patch button, now in the lower-right corner. The patch alert is moved to the Published page awaiting distribution.

SUSE Manager administrators can also create patches by cloning an existing one. Cloning preserves package associations and simplifies issuing patches. See Section 10.5, “Cloning Patches” for instructions.

To edit an existing patch alert’s details, click its advisory on the Patches Management page, make the changes in the appropriate fields of the Details tab, and click the Update Patch button. Click the Channels tab to alter the patch’s channel association. Click the Packages tab to view and modify its packages.

To delete patches, select their check boxes on the Patches Management page, click the Delete Patches button, and confirm the action. Deleting published patches might take a few minutes.

10.4.2 Assigning Packages to Patches

To assign packages to patches, proceed as follows:

  1. Select a patch, click the Packages tab, then the Add subtab.

  2. To associate packages with the patch being edited, select the channel from the View drop-down box that contains the packages and click View. Packages already associated with the patch being edited are not displayed. Selecting All managed packages presents all available packages.

  3. After clicking View, the package list for the selected option appears. Note that the page header still lists the patch being edited.

  4. In the list, select the check boxes of the packages to be assigned to the edited patch and click Add Packages.

  5. A confirmation page appears with the packages listed. Click Confirm to associate the packages with the patch. The List/Remove subtab of the Managed Patch Details page appears with the new packages listed.

When packages are assigned to a patch, the patch cache is updated to reflect the changes. This update is delayed briefly so that users may finish editing a patch before all the changes are made available. To initiate the changes to the cache manually, follow the directions to commit the changes immediately at the top of the page.

10.4.3 Publishing Patches

After adding packages to the patch, the patch needs to be published to be disseminated to affected systems. Follow this procedure to publish patches:

  1. On the top navigation bar, click Main Menu › Patches › Manage Patches › Unpublished to see all the unpublished patches listed.

  2. Click the patch Advisory name to open the patch details pages.

  3. On the patch details page, click Publish Patch. A confirmation page appears that will ask you to select which channels you want to make the patch available in. Choose the relevant channels.

  4. At the bottom of the page, click Publish Patch. The patch published will now appear on the Published page of Manage Patches.

10.4.4 Published

Here all published patches are listed. It is possible to perform the following actions:

  • To create a patch, click Create Patch.

  • To delete patches, select them first and then click Delete Patches.

  • Click an Advisory name to open the patch details page.

10.4.5 Unpublished

Here all published patches are listed. It is possible to perform the same actions as with published patches. For more information, see Section 10.4.4, “Published”. Additionally, on a patch details page, you can click Publish Patch for publishing.

10.5 Cloning Patches

Patches can be cloned for easy replication and distribution as part of SUSE Manager.

patches clone patches

Only patches potentially applicable to one of your channels can be cloned. Patches can be applicable to a channel if that channel was cloned from a channel to which the patch applies. To access this functionality, click Main Menu › Patches › Clone Patches.

On the Clone Patches page, select the channel containing the patch from the View drop-down box and click View. When the patch list appears, select the check box of the patch to be cloned and click Clone Patch. A confirmation page appears with the patch listed. Click Confirm to finish cloning.

The cloned patch appears in the Unpublished patch list. Verify the patch text and the packages associated with that patch, then publish the patch so it is available to users in your organization.

Print this page