SUSE releases a critical OracleASM update with a new 4K RSA secure boot key for IBM Power & Z systems. Learn installation steps, affected products, and security implications for SUSE Linux Enterprise & openSUSE Leap 15.5.
Why This Update Matters for Enterprise Linux Systems
A moderate-rated security update for OracleASM has been released, addressing secure boot compatibility for IBM Power and Z architectures. This rebuild introduces a new 4K RSA key, enhancing security for enterprise environments running SUSE Linux Enterprise (SLE) and openSUSE Leap 15.5.
Key Features:
✔ New 4K RSA Secure Boot Key (IBM Power/Z)
✔ Unchanged Signing Key (x86/x86_64 & AArch64)
✔ Enterprise-Grade Security Patch
Affected Products & Installation Guide
This update impacts:
SUSE Linux Enterprise Server 15 SP5 (LTSS & SAP)
SUSE Linux Enterprise High Performance Computing (HPC) 15 SP5
openSUSE Leap 15.5
Patch Installation Methods
Recommended: Use YaST Online Update or
zypper patchManual Installation: Run the following commands based on your OS:
| Product | Command |
|---|---|
| openSUSE Leap 15.5 | zypper in -t patch SUSE-2025-1623=1 |
| SLE HPC ESPOS 15 SP5 | zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1623=1 |
| SLE Server LTSS 15 SP5 | zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1623=1 |
| SLE for SAP 15 SP5 | zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1623=1 |
Package List & Architecture Support
This update includes debuginfo and kernel module packages for:
AArch64, ppc64le, s390x, x86_64
Real-time (RT) and 64kb kernel variants
Security Implications & Best Practices
🔒 Why Upgrade?
Ensures secure boot compliance for IBM Power & Z systems
Maintains kernel module integrity in SUSE Linux environments
Prevents potential bootloader vulnerabilities
⚠ Note: x86/x86_64 and AArch64 users do not require key changes.
References & Further Reading
SUSE JIRA Issue: PED-12028
SUSE Security Advisory: SUSE-RU-2025:01623-1
Nenhum comentário:
Postar um comentário