diff --git a/xml/MAIN-SBP-CSP-UpdateInfra.xml b/xml/MAIN-SBP-CSP-UpdateInfra.xml
index 940eb972..519da7eb 100644
--- a/xml/MAIN-SBP-CSP-UpdateInfra.xml
+++ b/xml/MAIN-SBP-CSP-UpdateInfra.xml
@@ -41,6 +41,7 @@
Setup guide for cloud service providers
SUSE Linux Enterprise Server
+ SUSE Linux Enterprise
SUSE Linux Enterprise Server
diff --git a/xml/MAIN-SBP-GCC-12.xml b/xml/MAIN-SBP-GCC-12.xml
index fb8afb24..9edad315 100644
--- a/xml/MAIN-SBP-GCC-12.xml
+++ b/xml/MAIN-SBP-GCC-12.xml
@@ -42,9 +42,11 @@
Advanced optimization and new capabilities of GCC 12
SUSE Linux Enterprise Server
+ SUSE Linux Enterprise Server
+
- SUSE Linux Enterprise Server 15 SP4
+ SUSE Linux Enterprise Server 15 SP4 and later
Development Tools Module
diff --git a/xml/MAIN-SBP-KMP-Manual-SLE12SP2.xml b/xml/MAIN-SBP-KMP-Manual-SLE12SP2.xml
index fc30e017..87078655 100644
--- a/xml/MAIN-SBP-KMP-Manual-SLE12SP2.xml
+++ b/xml/MAIN-SBP-KMP-Manual-SLE12SP2.xml
@@ -40,15 +40,16 @@
and describes the processes surrounding those packages.
Describes requirements for RPM kernel module packages
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+
SUSE Linux Enterprise Server 12 SP2 and later
diff --git a/xml/MAIN-SBP-KMP-Manual.xml b/xml/MAIN-SBP-KMP-Manual.xml
index c6a0486a..c74d8e2a 100644
--- a/xml/MAIN-SBP-KMP-Manual.xml
+++ b/xml/MAIN-SBP-KMP-Manual.xml
@@ -38,8 +38,8 @@
and describes the processes surrounding those packages.
Describes requirements for RPM kernel module packages
- SUSE Linux Enterprise Server
- SLES
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
SUSE Linux Enterprise Server 11
diff --git a/xml/MAIN-SBP-Quilting-OSC.xml b/xml/MAIN-SBP-Quilting-OSC.xml
index 3c650e42..fd189fac 100644
--- a/xml/MAIN-SBP-Quilting-OSC.xml
+++ b/xml/MAIN-SBP-Quilting-OSC.xml
@@ -44,6 +44,7 @@
SUSE Linux EnterpriseSUSE Linux EnterpriseSUSE Linux Enterprise
+
Open Build Service
diff --git a/xml/MAIN-SBP-RPM-Packaging.xml b/xml/MAIN-SBP-RPM-Packaging.xml
index db998dfe..49644385 100644
--- a/xml/MAIN-SBP-RPM-Packaging.xml
+++ b/xml/MAIN-SBP-RPM-Packaging.xml
@@ -42,7 +42,8 @@
SUSE Linux EnterpriseSUSE Linux EnterpriseSUSE Linux Enterprise
- SUSE Linux Enterprise
+ SUSE Linux Enterprise
+
diff --git a/xml/MAIN-SBP-SLE-OffLine-Upgrade-Local-Boot.xml b/xml/MAIN-SBP-SLE-OffLine-Upgrade-Local-Boot.xml
index 3aca1b85..8e26797a 100644
--- a/xml/MAIN-SBP-SLE-OffLine-Upgrade-Local-Boot.xml
+++ b/xml/MAIN-SBP-SLE-OffLine-Upgrade-Local-Boot.xml
@@ -50,6 +50,7 @@
SUSE Linux EnterpriseSUSE Linux EnterpriseSUSE Linux Enterprise
+
SUSE Linux Enterprise 11 and newer
diff --git a/xml/MAIN-SBP-SLE15-Custom-Installation-Medium.xml b/xml/MAIN-SBP-SLE15-Custom-Installation-Medium.xml
index 0faea721..10e392dc 100644
--- a/xml/MAIN-SBP-SLE15-Custom-Installation-Medium.xml
+++ b/xml/MAIN-SBP-SLE15-Custom-Installation-Medium.xml
@@ -47,6 +47,7 @@
SUSE Linux EnterpriseSUSE Linux EnterpriseSUSE Linux Enterprise
+
SUSE Linux Enterprise 15
diff --git a/xml/MAIN-SBP-SLSA.xml b/xml/MAIN-SBP-SLSA.xml
index 3a47be1e..d617e000 100644
--- a/xml/MAIN-SBP-SLSA.xml
+++ b/xml/MAIN-SBP-SLSA.xml
@@ -33,7 +33,7 @@
SLSA: Securing the Software Supply Chain
How SUSE, as a long-time champion and expert of software supply chain
security, prepares for SLSA L4 compliance
- Creating a custom installation media for SLE 15
+ Securing the SUSE software supply chain for SLSA L4
diff --git a/xml/MAIN-SBP-SUMA-on-IBM-PowerVM.xml b/xml/MAIN-SBP-SUMA-on-IBM-PowerVM.xml
index 27aab83b..8c02c658 100644
--- a/xml/MAIN-SBP-SUMA-on-IBM-PowerVM.xml
+++ b/xml/MAIN-SBP-SUMA-on-IBM-PowerVM.xml
@@ -6,8 +6,8 @@
]>
+ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:its="http://www.w3.org/2005/11/its"
+ xml:id="art-sbp-suma-ibmpowervm" xml:lang="en">
Deploying SUSE Linux Enterprise Products with SUSE Manager on IBM PowerVM
@@ -17,45 +17,52 @@
https://github.com/SUSE/suse-best-practices/issues/new
- Deploying SUSE Linux Enterprise Products with SUSE Manager on IBM PowerVM
+ Deploying SUSE Linux Enterprise Products with SUSE Manager on IBM
+ PowerVMhttps://github.com/SUSE/suse-best-practices/edit/main/xml/
- SUSE Best Practices
-
-
+ Best Practices
+
+
Systems Management
-
+
DeploymentInstallationConfiguration
- Deploying SUSE Linux Enterprise Products with SUSE Manager on IBM PowerVM
- Overview of how to deploy SUSE Linux Enterprise products with SUSE Manager
- on IBM Power Systems
-
- SUMA
+ Deploying SUSE Linux Enterprise Products with SUSE Manager on IBM
+ PowerVM
+ Overview of how to deploy SUSE Linux Enterprise products with SUSE
+ Manager on IBM Power Systems
+ Deploying SLE products with SUMA on IBM Power Systems
+
+ SUSE Manager
+ SUSE Manager
+ SUSE Manager
+ SUSE Manager
+ SUSE Manager
+ SUSE Manager
- 2018-08-14
- SUSE Manager 3.1 and later
+ SUSE Manager
-
+
-
- Olivier
- Van Rompuy
-
-
- Senior System Engineer and Technical Consultant
- IRIS
-
+
+ Olivier
+ Van Rompuy
+
+
+ Senior System Engineer and Technical Consultant
+ IRIS
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 2018-08-14
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 2018-08-14
+
+
+
+
+
+
+ 2018-08-14
@@ -102,15 +119,14 @@
IBM PowerVM LPARs, including Autoinstallation, AutoYaST and Netboot Integration.
- Disclaimer:
- Documents published as part of the SUSE Best Practices series have been contributed voluntarily
- by SUSE employees and third parties. They are meant to serve as examples of how particular
- actions can be performed. They have been compiled with utmost attention to detail. However,
- this does not guarantee complete accuracy. SUSE cannot verify that actions described in these
- documents do what is claimed or whether actions described have unintended consequences.
- SUSE LLC, its affiliates, the authors, and the translators may not be held liable for possible errors
- or the consequences thereof.
-
+ Disclaimer: Documents published as part of the SUSE Best
+ Practices series have been contributed voluntarily by SUSE employees and third parties. They
+ are meant to serve as examples of how particular actions can be performed. They have been
+ compiled with utmost attention to detail. However, this does not guarantee complete
+ accuracy. SUSE cannot verify that actions described in these documents do what is claimed or
+ whether actions described have unintended consequences. SUSE LLC, its affiliates, the
+ authors, and the translators may not be held liable for possible errors or the consequences
+ thereof.
@@ -157,8 +173,8 @@
for IBM POWER). Collect your registration codes from the SCC portal site at https://scc.suse.com.
- Now choose to add the SUSE Manager Server extension as shown on the screen below, and enter
- Next:
+ Now choose to add the SUSE Manager Server extension as shown on the screen below, and
+ enter Next:YaST Installation - Extensions and Module Selection
@@ -779,12 +795,12 @@ Synchronize the base channel :
In the specific setup at hand, the lifecycle phases are limited to dev and
prod (test has been removed).
-vi ~/.spacewalk-manage-channel-lifecycle/settings.conf
+ vi ~/.spacewalk-manage-channel-lifecycle/settings.conf
phases = dev, prod
exclude channels =
- This can be customized as required, which means you can add and remove phases at this stage
- of the procedure.
+ This can be customized as required, which means you can add and remove phases at this
+ stage of the procedure.Generate the dev channels by promoting the SUSE channels. The same command
is used to fully synchronize the dev channels with the online
@@ -1988,7 +2004,8 @@ zypper ref -y;zypper -n patch -l -y;zypper -n patch -l -y;zypper -n up -l -y
- Now you can create an autoinstallation profile. Click Upload Kickstart/Autoyast File:
+ Now you can create an autoinstallation profile. Click Upload
+ Kickstart/Autoyast File:SUSE Manager Web UI - Button Upload Kickstart/Autoyast File
@@ -2004,7 +2021,7 @@ zypper ref -y;zypper -n patch -l -y;zypper -n patch -l -y;zypper -n up -l -y
The screen below opens. Provide the required details and an AutoYaST script:
-
+ SUSE Manager Web UI - Create Autoinstallation Profile
@@ -2537,8 +2554,8 @@ cp -r /root/grub2 /srv/tftpboot/boot/
SUSE Manager documentation: https://documentation.suse.com/suma/3.2/
+ xlink:href="https://documentation.suse.com/suma/3.2/"
+ >https://documentation.suse.com/suma/3.2/
IBM Knowledge Center:
-
+
diff --git a/xml/MAIN-SBP-SUSE-oem-identification.xml b/xml/MAIN-SBP-SUSE-oem-identification.xml
index 442f5a0c..3ef84119 100644
--- a/xml/MAIN-SBP-SUSE-oem-identification.xml
+++ b/xml/MAIN-SBP-SUSE-oem-identification.xml
@@ -6,8 +6,8 @@
]>
+ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:its="http://www.w3.org/2005/11/its"
+ xml:id="art-sbp-oem-identification" xml:lang="en">
SUSE OEM Identification
@@ -22,38 +22,45 @@
- SUSE Best Practices
-
-
+ Best Practices
+
+
3rd Party
-
+
IntegrationImplementation
- SUSE OEM Identification
- This document provides guidance how to identify a
- SUSE Linux Enterprise-based OEM system
-
- SLE
+ SUSE OEM Identification
+ This document provides guidance how to identify a SUSE Linux
+ Enterprise-based OEM system
+ How to identify a SLE-based OEM system
+
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+
- 2022-08-15
- SUSE Linux Enterprise 12 and 15
-
+ SUSE Linux Enterprise 12 and 15
+
-
+
-
- Daniel
- Rahn
-
-
- Product Manager
- SUSE
-
+
+ Daniel
+ Rahn
+
+
+ Product Manager
+ SUSE
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 2022-08-15
+
+
+
+
+
+
+ 2022-08-15
diff --git a/xml/MAIN-SBP-SUSE-security-report-2021.xml b/xml/MAIN-SBP-SUSE-security-report-2021.xml
index d61157e8..24a84401 100644
--- a/xml/MAIN-SBP-SUSE-security-report-2021.xml
+++ b/xml/MAIN-SBP-SUSE-security-report-2021.xml
@@ -6,8 +6,8 @@
]>
+ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:its="http://www.w3.org/2005/11/its"
+ xml:id="art-sbp-suse-sec-report-21" xml:lang="en">
SUSE Solution Security Risk Report 2021
@@ -21,37 +21,37 @@
https://github.com/SUSE/suse-best-practices/edit/main/xml/
- SUSE Best Practices
-
-
+ Best Practices
+
+
Security
-
- Vulnerability
+
+ VulnerabilityAuditing
- SUSE Solution Security Risk Report 2021
- Summary of all security vulnerabilities which affected SUSE products
- in calendar year 2021
-
+ SUSE Solution Security Risk Report 2021
+ Summary of all security vulnerabilities which affected SUSE products in
+ calendar year 2021
+ Summary of security issues affecting SUSE in 2021
+
+
+ All SUSE Products
-
+
-
- Stoyan
- Manolov
-
-
- Head of Solution Security
- SUSE
-
+
+ Stoyan
+ Manolov
+
+
+ Head of Solution Security
+ SUSE
+
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 2022-04-27
+
+
+
+
+ 2022-04-27
@@ -152,26 +161,26 @@
BackgroundSoftware provides security features (such as authentication methods, encryption, intrusion
- prevention and detection, backup and others). However, it can also contain errors (such as design flaws,
- programming errors, and even backdoors) that often turn out to be relevant for the system's
- security. The SUSE Security Team's task is to addresses all of these aspects of software
+ prevention and detection, backup and others). However, it can also contain errors (such as design
+ flaws, programming errors, and even backdoors) that often turn out to be relevant for the
+ system's security. The SUSE Security Team's task is to addresses all of these aspects of software
security, with the understanding that security in software is a challenge that never ends.
Software security cannot be understood a state taken at some certain point in time; it is a
process that must be filled with professional expertise and permanent development, both on
software and on skills. The resulting evolution is what has given open source software, Linux and
SUSE its excellent reputation for security.
- A modern Linux operating system, such as SUSE Linux Enterprise Server for enterprise use
- or the openSUSE community distribution for home use, features a rich set of security programs and
+ A modern Linux operating system, such as SUSE Linux Enterprise Server for enterprise use or
+ the openSUSE community distribution for home use, features a rich set of security programs and
functions that range from access controls, intrusion prevention and detection, flexible and
trustworthy authentication mechanisms, encryption for files and network connections, file
integrity checking utilities, to network analysis tools and monitoring/logging utilities for your
system. To complement this, there are advanced tools that help you to securely configure and
administer your system, and to securely download and install update packages. These utilities are
standard in SUSE products. The update packages fix security bugs that have been found after your
- product has been released. The security features of your Linux system are waiting for you to explore
- them. SUSE encourages our customers to take advantage of them to further improve the level of
- privacy and security that is built into every system by default.
+ product has been released. The security features of your Linux system are waiting for you to
+ explore them. SUSE encourages our customers to take advantage of them to further improve the
+ level of privacy and security that is built into every system by default. Programs are usually written by humans, and humans make mistakes. By consequence, all
software can contain errors. Some of these errors appear as instabilities (the software or the
@@ -189,15 +198,15 @@
The SUSE Solution Security team is responsible for handling all SUSE product-related
security incidents. In that team, clear and well-defined roles are assigned for tracking new
- incidents and coordinating needed updates. The team works with all SUSE engineering
- software specialists.
+ incidents and coordinating needed updates. The team works with all SUSE engineering software
+ specialists.We use multiple sources to understand security incidents. These sources include the Mitre
- and NVD Common Vulnerabilities and Exposures (CVE) databases, various security mailing lists (OSS security, Linux distros, distros,
- bugtraq, and full-disclosure), direct reports, and other Linux vendors databases. We are also
- part of various pre-notification mailing lists for software components, like Xen, Samba, X.ORG.
- Confidential pre-notifications about vulnerabilities will be treated according to established
- responsible disclosure procedures.
+ and NVD Common Vulnerabilities and Exposures (CVE) databases, various security mailing lists (OSS
+ security, Linux distros, distros, bugtraq, and full-disclosure), direct reports, and other Linux
+ vendors databases. We are also part of various pre-notification mailing lists for software
+ components, like Xen, Samba, X.ORG. Confidential pre-notifications about vulnerabilities will be
+ treated according to established responsible disclosure procedures.
@@ -207,19 +216,19 @@
We rate the severity of incidents with two different systems, a simplified rating system and
the Common Vulnerability Scoring System (CVSS) v3.1 scoring system. The CVSS is an open framework
for communicating the characteristics and severity of software vulnerabilities. It is being
- developed by the US-based non-profit organization FIRST.org: Its main goal is to assign the
- right score to a vulnerability to help security administrators prioritize responses and resources
- to specific threats. CVSS v3.1 scoring consists of three metric groups: Base, Temporal, and
+ developed by the US-based non-profit organization FIRST.org: Its main goal is to assign the right
+ score to a vulnerability to help security administrators prioritize responses and resources to
+ specific threats. CVSS v3.1 scoring consists of three metric groups: Base, Temporal, and
Environmental. The Base group represents the intrinsic qualities of a vulnerability that are
constant over time and across user environments. The Temporal group reflects the characteristics
- of a vulnerability that change over time. The Environmental group represents the
- characteristics of a vulnerability that are unique to a user's environment. The Base metrics
- produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and
- Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual
- representation of the values used to derive the score. Today, SUSE uses the Base score
- methodology to evaluate vulnerabilities throughout the support lifecycle of our products. SUSE
- keeps the right to adjust the final score of the vulnerability as more details become known and
- available throughout the analysis. The most current CVSS resources can be found at . The CVSS v3.1 calculator used by SUSE could be
found at . The framework is
measuring the severity of a given vulnerability, not the associated risk alone. The scoring of
@@ -230,16 +239,17 @@
The security incidents are tracked in our own workflow system, technical details are
tracked in the SUSE bug-tracking system, and the updated software package is built, processed,
- and published by our internal Open Build System. Internal Service Level Agreements (SLAs) corresponding to the severity
- rating are monitored and reviewed regularly. Our packagers backport the required security fixes
- to our version of the software. To protect the stability of our customer setups, we only rarely
- do minor version upgrades. After receiving fixes for the affected software, four eye reviews
- cross-check the source patches. A number of automated checks verify source and binary
- compatibility and the completeness of patch meta information. They also check whether patches can be
- installed without problems. Dedicated QA teams provide integration, bugfix, and regression
- testing for all updates before they are released to our customers. After the release of an
- update, automated processes publish the updates, update notices, and cross reference information
- on our CVE index pages and machine-readable OVAL and CVRF XML information.
+ and published by our internal Open Build System. Internal Service Level Agreements
+ (SLAs) corresponding to the severity rating are monitored and reviewed regularly. Our packagers
+ backport the required security fixes to our version of the software. To protect the stability of
+ our customer setups, we only rarely do minor version upgrades. After receiving fixes for the
+ affected software, four eye reviews cross-check the source patches. A number of automated checks
+ verify source and binary compatibility and the completeness of patch meta information. They also
+ check whether patches can be installed without problems. Dedicated QA teams provide integration,
+ bugfix, and regression testing for all updates before they are released to our customers. After
+ the release of an update, automated processes publish the updates, update notices, and cross
+ reference information on our CVE index pages and machine-readable OVAL and CVRF XML
+ information.The objective of this report is to provide a summary of all security vulnerabilities which
affected SUSE products in calendar year 2021. We will go into details on the high impact
@@ -316,11 +326,11 @@
class, occasionally newer versions are introduced to a released version of an enterprise product
line.
- Sometimes also for other types of packages the choice is made to introduce a new version rather
- than a backport. This is done when producing a backport is not economically feasible or when
- there is a very relevant technical reason to introduce the newer version.
+ Sometimes also for other types of packages the choice is made to introduce a new version
+ rather than a backport. This is done when producing a backport is not economically feasible or
+ when there is a very relevant technical reason to introduce the newer version.
-
+
Major security vulnerabilities in 2021
@@ -348,10 +358,10 @@
does not uses Zipkin and is not affect to the vulnerability.
The vulnerability does not affect SUSE Manager, as it is using at most log4j 1.2.x, which
- is not affected. One component of SUSE OpenStack Cloud (storm) embeds log4j 2.x, which
- immediately received the required update. The SUSE NeuVector product is not affected by this
- vulnerability, but its security scanner functionality has now added support for scanning your
- containers, see the NeuVector log4j2 page.
+ is not affected. One component of SUSE OpenStack Cloud (storm) embeds log4j 2.x,
+ which immediately received the required update. The SUSE NeuVector product is not affected by
+ this vulnerability, but its security scanner functionality has now added support for scanning
+ your containers, see the NeuVector log4j2 page.
A much less severe similar vulnerability was discovered in older log4j 1.2.x versions via
the JMS interface. This JMS functionality is not default enabled, administrators must have
@@ -520,7 +530,8 @@
Solution
- Fixes have been provided for all affected and supported SUSE products. For more details, check the CVE Web page referenced below.
+ Fixes have been provided for all affected and supported SUSE products. For more details,
+ check the CVE Web page referenced below.References
@@ -557,10 +568,10 @@
CVE-2020-28243: A privilege escalation is possible on a SaltStack minion when an
- unprivileged user can create files in any non-blacklisted directory via a command
- injection in a processes' name. Simply ending a file with (deleted) and keeping
- a file handle open to it is enough to trigger the exploit whenever a restart check is
- triggered from a SaltStack master.
+ unprivileged user can create files in any non-blacklisted directory via a command injection in
+ a processes' name. Simply ending a file with (deleted) and keeping a file
+ handle open to it is enough to trigger the exploit whenever a restart check is triggered from
+ a SaltStack master.CVE-2020-28972: In SaltStack Salt v2015.8.0 through v3002.2, authentication to vCenter,
@@ -766,8 +777,8 @@
Software and hardware vendors are closely collaborating to ensure that sophisticated
attackers cannot reinstall old versions of GRUB2. Over time, vendors are going to update
- cryptographic keys in the BIOS for new computers, and to provide so-called DBX Exclusion
- List updates for existing computers. These can prevent systems that are not patched and old
+ cryptographic keys in the BIOS for new computers, and to provide so-called DBX Exclusion List
+ updates for existing computers. These can prevent systems that are not patched and old
installation media from starting. Make sure you have installed all relevant boot loader and
operating system updates for BootHole before installing a BIOS or DBX Exclusion List update to
ensure continuity.
@@ -827,9 +838,8 @@
FRAGATTACKS - several WLAN vulnerabilitiesSecurity Researcher Mathy Vanhoef discovered various attacks against Wi-Fi (802.11) stacks
- and against the Wi-Fi standard related to Wi-Fi fragments. This vulnerability is documented
- on the Web site and is called
- FRAGATTACKS.
+ and against the Wi-Fi standard related to Wi-Fi fragments. This vulnerability is documented on
+ the Web site and is called FRAGATTACKS.This set of vulnerabilities can allow local attackers in Wi-Fi range to inject traffic even
in encrypted Wi-Fi networks, or get access to information of other users in the same Wi-Fi
@@ -1064,8 +1074,8 @@
Security Evaluation is an international standard (ISO/IEC 15408), recognized by 26 countries
(CCRA) worldwide. Details regarding SUSE’s full Common Criteria Part 3 conformant EAL 4
augmented by ALC_FLR.3 Systematic Flaw Remediation certification are listed at
- .
+ xlink:href="https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/1151.html?nn=513260"
+ /> .
On January 29th 2021, the Defense Information Systems Agency (DISA) has released the SUSE
Linux Enterprise Server 15 Security Technical Implementation Guide (STIG). Details regarding STIG
diff --git a/xml/MAIN-SBP-SUSE-security-report-2022.xml b/xml/MAIN-SBP-SUSE-security-report-2022.xml
index 83871af7..48d0dd32 100644
--- a/xml/MAIN-SBP-SUSE-security-report-2022.xml
+++ b/xml/MAIN-SBP-SUSE-security-report-2022.xml
@@ -6,8 +6,8 @@
]>
+ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:its="http://www.w3.org/2005/11/its"
+ xml:id="art-sbp-suse-sec-report-22" xml:lang="en">
SUSE Solution Security Risk Report 2022
@@ -22,25 +22,25 @@
- SUSE Best Practices
-
-
+ Best Practices
+
+
Security
-
- Vulnerability
+
+ VulnerabilityAuditing
- SUSE Solution Security Risk Report 2022
- Summary of all security vulnerabilities which affected SUSE products
- in calendar year 2022
-
+ SUSE Solution Security Risk Report 2022
+ Summary of all security vulnerabilities which affected SUSE products in
+ calendar year 2022
+ Summary of security issues affecting SUSE in 2022
+
+
+ All SUSE Products
- All SUSE Products
-
@@ -80,6 +80,15 @@
+
+
+
+ 2023-04-08
+
+
+
+
+ 2023-04-08
@@ -1072,17 +1081,17 @@
Sigstore is a recent initiative to enhance signing and cryptographic verification of open
source deliveries. SUSE has adopted additional "cosign" style signing for its published container
- images including Base Container Images (BCI) containers. SUSE also started uploading cryptographic
- signatures to the global "rekor" transparency log for its containers and product repositories in
- February 2022. SUSE Linux Enterprise Base Container Images (SLE BCI) offer a platform for
- creating SUSE Linux Enterprise Server-based custom container images and containerized
- applications that can be distributed freely. SLE BCIs feature the same predictable enterprise
- lifecycle as SUSE Linux Enterprise Server. The SLE_BCI 15 SP3 and SP4 repository (which is a
- subset of the SUSE Linux Enterprise repository) gives SLE BCIs access to 4000 packages available
- for the AMD64/Intel 64, AArch64, PowerPC, and IBM Z architectures. The packages in the repository
- have undergone quality assurance and security audits by SUSE. The container images are
- FIPS-compliant when running on a host in FIPS mode. In addition to that, SUSE can provide
- official support for SLE BCIs through SUSE subscription plans.
+ images including Base Container Images (BCI) containers. SUSE also started uploading
+ cryptographic signatures to the global "rekor" transparency log for its containers and product
+ repositories in February 2022. SUSE Linux Enterprise Base Container Images (SLE BCI) offer a
+ platform for creating SUSE Linux Enterprise Server-based custom container images and
+ containerized applications that can be distributed freely. SLE BCIs feature the same predictable
+ enterprise lifecycle as SUSE Linux Enterprise Server. The SLE_BCI 15 SP3 and SP4 repository
+ (which is a subset of the SUSE Linux Enterprise repository) gives SLE BCIs access to 4000
+ packages available for the AMD64/Intel 64, AArch64, PowerPC, and IBM Z architectures. The
+ packages in the repository have undergone quality assurance and security audits by SUSE. The
+ container images are FIPS-compliant when running on a host in FIPS mode. In addition to that,
+ SUSE can provide official support for SLE BCIs through SUSE subscription plans.
SecurityEach package in the SLE_BCI repository undergoes security
diff --git a/xml/MAIN-SBP-Spectre-Meltdown-L1TF.xml b/xml/MAIN-SBP-Spectre-Meltdown-L1TF.xml
index 19621fa3..7f81b991 100644
--- a/xml/MAIN-SBP-Spectre-Meltdown-L1TF.xml
+++ b/xml/MAIN-SBP-Spectre-Meltdown-L1TF.xml
@@ -11,123 +11,139 @@
+ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:its="http://www.w3.org/2005/11/its"
+ xml:id="art-sbp-spectre-meltdown" xml:lang="en">
System Performance Implications of Meltdown, Spectre, and L1TF Vulnerabilitiesin SUSE-based ProductsAll SUSE Products
-
+
https://github.com/SUSE/suse-best-practices/issues/new
- System Performance Implications of Meltdown, Spectre, and L1TF Vulnerabilities
+ System Performance Implications of Meltdown, Spectre, and L1TF
+ Vulnerabilitieshttps://github.com/SUSE/suse-best-practices/edit/main/xml/
- SUSE Best Practices
-
-
+ Best Practices
+
+
Security
- Tuning & Performance
+ Tuning & Performance
-
+
VulnerabilityAuditingMonitoring
- SLSA: Securing the Software Supply Chain
- Information about released mitigations for Meltdown, Spectre, and L1
- Terminal Fault (L1TF) in SUSE Linux Enterprise-based products
-
- SLE
+ SLSA: Performance implications of Meltdown, Spectre, and L1TF
+ Information about released mitigations for Meltdown, Spectre, and L1
+ Terminal Fault (L1TF) in SUSE Linux Enterprise-based products
+ Meltdown, Spectre, L1TF and their impact on SLE
+
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+ SUSE Linux Enterprise
+
- 2019-01-17
- SUSE Linux Enterprise
-
+ SUSE Linux Enterprise
+
-
+
-
- Sheilagh
- Morlan
-
-
- Manager Software Engineering
- SUSE
-
+
+ Sheilagh
+ Morlan
+
+
+ Manager Software Engineering
+ SUSE
+
-
- Bryan
- Stephenson
-
-
- SUSE OpenStack Cloud Security Engineer
- SUSE
-
+
+ Bryan
+ Stephenson
+
+
+ SUSE OpenStack Cloud Security Engineer
+ SUSE
+
-
-
- T.R.
- Bosworth
-
-
- Senior Product Manager SUSE OpenStack Cloud
- SUSE
-
-
-
-
- Jiri
- Kosina
-
-
- Director SUSE Labs Core
- SUSE
-
-
-
-
- Vojtech
- Pavlik
-
-
- VP SUSE Labs
- SUSE
-
-
-
-
- Olaf
- Kirch
-
-
- VP SUSE Linux Enterprise
- SUSE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 2019-01-17
+
+
+
+
+ 2019-01-17
@@ -137,15 +153,13 @@
to help customers evaluate how best to performance test their deployments.
- Disclaimer:
- Documents published as part of the SUSE Best Practices series have been contributed voluntarily
- by SUSE employees and third parties. They are meant to serve as examples of how particular
- actions can be performed. They have been compiled with utmost attention to detail. However,
- this does not guarantee complete accuracy. SUSE cannot verify that actions described in these
- documents do what is claimed or whether actions described have unintended consequences.
- SUSE LLC, its affiliates, the authors, and the translators may not be held liable for possible errors
- or the consequences thereof.
-
+ Disclaimer: Documents published as part of the SUSE Best
+ Practices series have been contributed voluntarily by SUSE employees and third parties. They are
+ meant to serve as examples of how particular actions can be performed. They have been compiled
+ with utmost attention to detail. However, this does not guarantee complete accuracy. SUSE cannot
+ verify that actions described in these documents do what is claimed or whether actions described
+ have unintended consequences. SUSE LLC, its affiliates, the authors, and the translators may not
+ be held liable for possible errors or the consequences thereof.
@@ -501,7 +515,7 @@
-
+
diff --git a/xml/MAIN-SBP-intelsupport.xml b/xml/MAIN-SBP-intelsupport.xml
index 4ecf8fe1..66dd2e35 100644
--- a/xml/MAIN-SBP-intelsupport.xml
+++ b/xml/MAIN-SBP-intelsupport.xml
@@ -38,8 +38,6 @@
supported by a specific Intel* microarchitecture.
What Intel microarchitecture supports which SLE version
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise ServerSUSE Linux Enterprise ServerSUSE Linux Enterprise ServerSUSE Linux Enterprise Server
diff --git a/xml/MAIN-SBP-susemanager.xml b/xml/MAIN-SBP-susemanager.xml
index cf96a579..6856a4c4 100644
--- a/xml/MAIN-SBP-susemanager.xml
+++ b/xml/MAIN-SBP-susemanager.xml
@@ -7,7 +7,9 @@
+
Advanced Patch Lifecycle Management with SUSE
Manager
@@ -25,23 +27,28 @@
- SUSE Best Practices
+ Best Practices
-
+
Systems Management
-
+
Upgrade & Update
- Advanced Patch Lifecycle Management with SUSE Manager
- How to set up and configure a SUSE Manager
- implementation to enable companies in the delivery of often requested features
-
- SUMA
+ Advanced Patch Lifecycle Management with SUSE Manager
+ How to set up and configure a SUSE Manager
+ implementation to enable companies in the delivery of often requested features
+ Advanced patch lifecycle management with SUMA
+
+ SUSE Manager
+ SUSE Manager
+ SUSE Manager
+ SUSE Manager
+ SUSE Manager
+ SUSE Manager
- 2018-07-11
- SUSE Manager
+ SUSE Manager
@@ -83,7 +90,16 @@
-
+
+
+
+ 2018-07-11
+
+
+
+
+
+
2018-07-11