SUSE Blog

Our CVE Pages – self help to security issues in SUSE Linux Enterprise



By: msmeissn

September 5, 2017 8:33 pm

Reads:803

Comments:0

Score:Unrated

Print/PDF

SUSE CVE Pages

SUSE offers various self-service options for getting information on Security Issues.

One of these self-service options that are intended for human consumption are our CVE Pages.

For every CVE that might be related to our products we provide a webpage with our current status.

These pages cover SUSE Enterprise products, and also contain content for the openSUSE distributions.

The detailed evaluation in regards to scoring and affectedness is done only for SUSE Enterprise products.

If you find details missing or think they are incorrect, please work with your support engineer or contact SUSE Security.

Upstream Information

This is the text that the central CVE assignment authority has given this problem. A link to the CVE page at Mitre is also included.

Overall State

This specifies the internal processing state at SUSE of the issue.

  • Resolved: Everything is considered to be done to address this issue.
  • Does not affect SUSE: This problem does not affect SUSE Enterprise products.
  • Pending: This issue still contains packages that need to be fixed.
  • Running: Updates are currently in QA.
  • Analysis: The SUSE Security Team is currently analysing this issue.
  • New: This issue is waiting for Analysis.
  • Postponed: This issue is waiting for more information before analysis can continue.

Rating

This gives the simplified rating as described on SUSE Security Rating Page.

CVSS scores

The next part of the page is listing both the CVSS v2 and CVSS v3 scoring of this issue.
We include both the NVD CVSS scores and the SUSE scores side by side.

Note that we only score issues affecting our SUSE Enterprise products.

We started scoring security issues using CVSS v3 this year and will stop using the CVSS v2 scoring in the near future.

SUSE Bugzilla Entries

The SUSE Bugzilla entries referencing this issue are listed and their current state.

Please note that these bugreports are meant for technical cooperation on these issues and not for user consumption or user support.

SUSE Security Advisories

A list linking to the published SUSE Security Advisories and for critical issues also the Technical Information Document (TID).

List of released packages

The packages with their exact version numbers that we have released to fix these issues in a table, by product, packages with versions and also with cross references to the SUSE Patchbuilder site.

For getting released packages in a programmatic way we offer OVAL and CVRF data.

List of packages in QA

This section lists all the packages that are currently in the QA. If this section is not present, nothing is currently in QA.

List of planned updates

The products and packages were we plan to release updates at some point in the future.

Status of this issue by product and package

The internal evaluation state for every product and package pair.

Following states are possible:

  • Already Fixed: The package is not affected by the problem, e.g. we ship a newer version.
  • Affected: The package is affected by the problem.
  • Released: An update for this package was released.
  • Unsupported: The codestream is no longer supported.
  • Not affected: This package is considered not to be affected.
  • Analysis: This package is being analysed for affectedness.
  • In Progress: An update is currently in QA.
  • Ignore: The issue is being ignored as it either is too minor or other mitigating circumstances are present.

Note that the evaluation state can still change, especially on fresh issues if more information is received or researched.

Also check out our SUSE Security Portal.

Get free email alerts on the topics of this article:

securitySUSE
Get Alerts!

Your subscription request was successful.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading...

Tags: , , , ,
Categories: Enterprise Linux, Server, SUSE Linux Enterprise, SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else in the SUSE Blog, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

Comment

RSS