Strengthening SUSE’s Security Commitment: Introducing SUSE Long Term Service Pack Support Extended Security.
SUSE Linux Enterprise Server has long been recognized for SUSE’s unwavering commitment to providing customers with the highest security standards in enterprise Linux. Now, SUSE is expanding this commitment to deliver even more comprehensive security for SUSE Linux Enterprise Server (SLES) beyond its standard general support phase with SUSE Long Term Service Pack Support Extended Security.
Previously, customers could extend the lifecycle of SUSE Linux Enterprise Server through Long Term Service Pack Support (LTSS), which provided essential support and patches for vulnerabilities rated important (CVSS 7) and above after the end of General Support, similar to other enterprise Linux providers. With the newly introduced LTSS Extended Security, SUSE takes this a step further, lowering the threshold to cover vulnerabilities rated medium (CVSS 4) and higher—a commitment unmatched by any other enterprise Linux provider, making it a unique offering in the industry. CVSS scores are defined here.
By enhancing the security commitment of LTSS, SUSE enables customers to confidently expand their enterprise Linux lifecycle, meeting evolving security demands while upgrading at a pace that suits their unique operational needs.
Understanding SUSE’s Lifecycle Phases
SUSE offers an extensive lifecycle plan to support SLES users across three key phases, ensuring that customers can maintain a secure and stable system over the long term. Here’s a breakdown of the lifecycle phases of a SUSE Linux Enterprise Server version:
- General Support: This phase includes full support, complete with regular updates, security patches, and maintenance to ensure system reliability and security.
- Long Term Service Pack Support (up to 3 additional years after General Support): In the final Service Pack of a version, customers can choose between:
  - Long Term Service Pack Support: Available for all Service Packs, it provides extended support with important and critical security patches and maintenance for vulnerabilities rated important (CVSS 7) and above.
  - Long Term Service Pack Support Extended Security: A new offering available only for the final service pack of a version, currently available for SLES 12 SP5 (check the lifecycle here). LTSS Extended Security complements LTSS by lowering the vulnerability threshold to medium (CVSS 4), ensuring a more comprehensive security posture during this extended support period. This enables customers to keep running their most stringent enterprise workloads over the long term with a higher level of security than any other Linux solution available.
- Long Term Service Pack Support Core (up to 3 further years, available only for the final Service Pack of a version): This phase extends support for essential components of the final Service Pack of a SUSE Linux Enterprise Server version beyond the LTSS period, targeting a core set of system elements critical for stability and security.
With these phases, SUSE ensures a total support duration of up to 19 years, providing the longest-term support available in the Linux market with the highest security standards. This extensive support commitment empowers industries with long-term operational demands to maintain secure and compliant environments for their critical applications.
LTSS Extended Security applies to both SUSE Linux Enterprise Server and SUSE Linux Enterprise Server for SAP Applications, ensuring the longest-term security for enterprise Linux environments, including mission-critical SAP workloads.
You can find more info about Long Term Service Pack Support on the Product Lifecycle Support Policies webpage.
SUSE’s Security Vulnerability Classification
SUSE uses the industry-standard Common Vulnerability Scoring System (CVSS) version 3.1 to assess and categorize security vulnerabilities, ensuring a consistent and transparent approach to vulnerability management. This system assigns scores that guide the prioritization of security updates and classifies vulnerabilities into four main categories:
- Critical: Vulnerabilities with a CVSS score of 9.0 and above. These flaws can be easily exploited by remote, unauthenticated attackers, potentially leading to system compromise without user interaction.
- Important: Vulnerabilities scoring between 7.0 and 8.9. These issues may compromise the confidentiality, integrity, or availability of resources, allowing local users to gain privileges or unauthenticated remote users to access protected resources.
- Moderate: Vulnerabilities with scores from 4.0 to 6.9. Though less severe, these vulnerabilities still warrant attention to maintain overall system security.
- Low: Vulnerabilities scoring below 4.0, considered to have minimal impact on system security.
By adhering to CVSS 3.1, SUSE ensures a standardized and transparent vulnerability assessment, empowering customers to make informed decisions on applying security updates. For more details on SUSE’s vulnerability rating, see SUSE Security Rating.
Introducing LTSS Extended Security
LTSS Extended Security is a significant enhancement to SUSE’s support offerings, designed to provide deeper security coverage during the extended lifecycle of SLES. Unlike traditional LTSS, which addresses vulnerabilities rated CVSS 7 and above, LTSS Extended Security includes vulnerabilities rated CVSS 4 and higher, expanding the range of threats covered and further securing vital systems.
With this offering, SUSE provides the longest-term support with the highest security standards in the Linux market, enabling highly regulated industries to leverage their long-term investments in a secure Linux environment while maintaining compliance requirements. Through LTSS Extended Security, enterprises in sectors like finance, healthcare, and government can continue operating their most critical workloads with confidence, knowing they’re supported by a comprehensive security infrastructure.
Benefits of LTSS Extended Security
- Comprehensive Coverage: By lowering the CVSS threshold to 4.0, LTSS Extended Security offers protection against a broader set of vulnerabilities, providing a more robust security posture.
- Flexibility in Upgrades: With LTSS Extended Security, organizations can plan and execute upgrades at a pace that fits their operational requirements, without sacrificing security.
- Extended Lifecycle: Together with LTSS and LTSS Core, LTSS Extended Security supports a total lifecycle of up to 19 years, meeting the needs of industries with long-term operational demands.
SUSE’s Commitment to Innovation, Continuity, and Security
SUSE Linux’s dedication to innovation and continuity has driven the creation of LTSS Extended Security, a unique offering in the Linux ecosystem. This commitment ensures that organizations can confidently meet today’s stringent security and compliance standards, fully supported by SUSE’s unparalleled security infrastructure.
By continually advancing its support offerings, SUSE enables its customers to run their most critical workloads with the assurance of high security and extended support—empowering them to focus on their core objectives, secure in the knowledge that their systems are protected and compliant.
To learn more about LTSS Extended Security and SUSE’s long-term support offerings, visit the SUSE Long Term Service Pack Support page.