SUSE 15 update installed packages for security

last updated in Categories , , ,

I would like to update installed packages for security on SUSE 15 (SUSE Linux Enterprise Server) server. How can I update my SUSE 15 system using zypper command?

Keeping your system, kernel, and the installed application is an essential sysadmin task. An updated SUSE Linux Enterprise Server means fewer security issues and increased system stability. SUSE 15 is pretty user-friendly when it comes to applying updates and patches. This page shows how to update SUSE 15 system using the zypper command or the GUI tools for desktop installation.

SUSE 15 update installed packages for security

The procedure to install updates on SUSE/SLES:

  1. Open the terminal app.
  2. For remote server log in using the ssh command: ssh user@server-name-here.
  3. Refersh SUSE repository from the Internet or local server, execute: sudo zypper refresh
  4. Show information about update advisories, run: sudo zypper list-updates
  5. Issue the command sudo zypper update to install updates.
  6. Reboot the system if the SUSE Linux kernel was updated by typing sudo reboot command.

Let us see all steps in details.

Refresh SLES repositories

Type:
sudo zypper refresh
SUSE zypper refresh repo command

Find out info about available security-related updates

It is a good idea to find out if there any updates available for the box. Hence, run the following command:
sudo zypper list-patches
Sample outputs:

Refreshing service 'Basesystem_Module_x86_64'.
Refreshing service 'Containers_Module_x86_64'.
Refreshing service 'Desktop_Applications_Module_x86_64'.
Refreshing service 'Development_Tools_Module_x86_64'.
Refreshing service 'Legacy_Module_x86_64'.
Refreshing service 'Public_Cloud_Module_x86_64'.
Refreshing service 'Python_2_Module_x86_64'.
Refreshing service 'SUSE_Cloud_Application_Platform_Tools_Module_x86_64'.
Refreshing service 'SUSE_Linux_Enterprise_Server_x86_64'.
Refreshing service 'Server_Applications_Module_x86_64'.
Refreshing service 'Web_and_Scripting_Module_x86_64'.
Loading repository data...
Reading installed packages...
 
Repository                            | Name                                          | Category    | Severity  | Interactive | Status | Summary                                      
--------------------------------------+-----------------------------------------------+-------------+-----------+-------------+--------+----------------------------------------------
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-1992   | recommended | moderate  | ---         | needed | Recommended update for yast2-packager        
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2289   | recommended | moderate  | ---         | needed | Recommended update for open-iscsi            
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2292   | recommended | moderate  | ---         | needed | Recommended update for SUSEConnect           
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2293   | recommended | moderate  | ---         | needed | Recommended update for sysconfig             
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2306   | recommended | moderate  | ---         | needed | Recommended update for parted                
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2307   | security    | moderate  | ---         | needed | Security update for util-linux and shadow    
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2324   | recommended | moderate  | ---         | needed | Recommended update for yast2, yast2-packager 
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2332   | security    | moderate  | ---         | needed | Security update for python-urllib3           
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2352   | recommended | moderate  | ---         | needed | Recommended update for rsyslog               
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2357   | recommended | moderate  | ---         | needed | Recommended update for lmdb                  
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2359   | security    | moderate  | ---         | needed | Security update for samba                    
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2361   | recommended | moderate  | ---         | needed | Recommended update for krb5                  
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2367   | recommended | moderate  | ---         | needed | Recommended update for lvm2                  
SLE-Module-Basesystem15-SP1-Updates   | SUSE-SLE-Module-Basesystem-15-SP1-2019-2373   | security    | important | ---         | needed | Security update for curl                     
SLE-Module-Public-Cloud15-SP1-Updates | SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2283 | recommended | moderate  | ---         | needed | Recommended update for google-compute-engine 
SLE-Module-Public-Cloud15-SP1-Updates | SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2344 | recommended | important | ---         | needed | Recommended update for cloud-regionsrv-client
 
Found 16 applicable patches:
16 patches needed (4 security patches)

Display list the number of needed patches (patches that apply to your system but are not yet installed)
sudo zypper patch-check
Want to see a list of the updates on screen? Try the following command along with grep command:
sudo zypper list-updates
sudo zypper list-updates | more
sudo zypper list-updates | grep nginx

Check for SUSE 15 software and security updates
Before you apply updates please note down Linux kernel version, run:
uname -mrs
Sample outputs:

Linux 4.12.14-197.15-default x86_64

How to install updates via zypper command line for SUSE 15

Open up a terminal application or log in using ssh. Run the zypper command to upgrade all installed packages on SUSE Linux system:
sudo zypper update
SUSE 15 Applying Security Updates Using zypper
One can only apply all security related patches to the machines, run:
sudo zypper update --type patch
OR
sudo zypper patch
SUSE 15 update installed packages using zypper
Please note that the plain zypper patch command does not apply patches from third party repos. Hence, update also the third party repositories, use the with-update command option as follows:
sudo zypper patch --with update
Try optional patches, use:
sudo zypper patch --with-optional
Want to install all patches relating to a specific Bugzilla issue, use:
sudo zypper patch --bugzilla=NUMBER
One can install all patches relating to a specific CVE database entry, use:
sudo zypper patch --cve=NUMBER
sudo zypper patch --cve=CVE-2018-10933

Finally, install only patches which affect Zypper and the package management itself, use:
sudo zypper patch --updatestack-only
You can view outdated process by running the following command:
$ zypper ps -s
Sample outputs:

The following running processes use deleted files:
 
PID  | PPID | UID  | User  | Command          | Service           
-----+------+------+-------+------------------+-------------------
1    | 0    | 0    | root  | systemd          |                   
464  | 1    | 0    | root  | systemd-journald | systemd-journald  
483  | 1    | 0    | root  | systemd-udevd    | systemd-udevd     
720  | 1    | 0    | root  | systemd-logind   | systemd-logind    
1207 | 1    | 0    | root  | agetty (deleted) | serial-getty@ttyS0
1208 | 1    | 0    | root  | agetty (deleted) | getty@tty1        
1256 | 1    | 0    | root  | sshd             | sshd              
3561 | 1256 | 0    | root  | sshd             |                   
3563 | 1    | 1000 | vivek | systemd          |                   
3564 | 3563 | 1000 | vivek | systemd          |                   
3569 | 3561 | 1000 | vivek | sshd             |                   
 
You may wish to restart these processes.
See 'man zypper' for information about the meaning of values in the above table.
 
No core libraries or services have been updated.
Reboot is probably not necessary.

Restart outdated process one by one using the systemctl command:
$ sudo systemctl restart sshd
Or use bash for loop as follows:

for i in systemd-journald  systemd-udevd  systemd-logind  serial-getty@ttyS0  getty@tty1 sshd
do
 sudo systemctl restart "$i"
done

How do I update a single package?

Run the following command:
sudo zypper update pkg_name
sudo zypper update util-linux

Reboot the Linux system

You must reboot system when SUSE 15 Linux kernel gets updated, run:
sudo reboot
Verify Linux kernel version and list updates:
uname -mrs
sudo zypper ref
sudo zypper list-updates

Checking For and Updating Packages on SUSE 15 Linux
Checking for package updates on SUSE 15/SLES

Conclusion

You learned how to install the software update for all installed packages using the GUI and CLI methods on SUSE 15 (SUSE Linux Enterprise Server)based systems. See SLES zypper man page for more information or type the following man command:
man zypper

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Start the discussion at www.nixcraft.com

Historical Comment Archive

1 comment

    Still, have a question? Get help on our forum!