SUSE Support

Here When You Need Us

How to create a custom repository for CVE-2014-6271 & CVE-2014-7169 on SMT and SUSE Manager

This document (7015731) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 3 (SLES 11 SP3)
SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)
SUSE Linux Enterprise Server 11 Service Pack 1 (SLES 11 SP1)
SUSE Manager 2.1
SUSE Manager 1.7

Situation

The shellshock situation (CVE-2014-6271 & CVE-2014-7169) forced a lot of customers to apply patches to outdated OS versions.
As these patches could not be retrieved through the normal channels (unless a LTSS support agreement has been signed) the easiest solution to distribute such patches to larger environments is to create a custom repository.
Further details on the shellshock situation can be found in TID 7015702 - CVE-2014-6271 & CVE-2014-7169 - Shellshock

Resolution

The easiest way to create a custom repo is to use the createrepo package that was developed for SUSE Manager but can be installed on all SLES 11 SP3 systems (SLES11-SP3-Updates repository) via:
  • zypper in createrepo
Once the package has been installed please go ahead and create the custom repository by following these steps:

  1. Download the RPM's that should be part of the custom repository.
    Information on how to access the patches can be found in  TID 7015702 - CVE-2014-6271 & CVE-2014-7169 - Shellshock or Patch Finder directly.

  2. Create a folder in /srv/www/htdocs with the name of the new repo, for example "SLES11-shellshock":

    mkdir -p /srv/www/htdocs/<custom repo name>

  3. Copy the files to /srv/www/htdocs/<custom repo name>

  4. Issue the following command in the new repo:

    createrepo
    or
    createrepo /srv/www/htdocs/<custom repo name>


    The URL on the SMT system will be: http://<SMT FQDN>/<custom repo name</updates
    The URL on the SUSE Manager will be: http://<SUSE Manager/<custom repo name>

Cause


Additional Information

In case the software selection is locked and no additional packages may be installed, there is a procedure to create the needed structure manually:
mkdir -p /srv/www/htdocs/<custom repo name>
cd /srv/www/htdocs/<custom repo name>
./create_update_source.sh .
mkdir -p ./updates/suse/x86_64
cp -a <new-postfix-rpm> ./updates/suse/x86_64
cd updates/suse
create_package_descr -x setup/descr/EXTRA_PROV
cd setup/descr
ls > directory.yast
cd ../../..
create_sha1sums -x -n .

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7015731
  • Creation Date: 02-Oct-2014
  • Modified Date:28-Sep-2022
    • Subscription Management Tool
    • SUSE Linux Enterprise Server
    • SUSE Manager

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.