Is it possible to limit yum so that it lists or installs only security updates?

0

how-to-install-and-update-security-patches-in-linux




Environment

Red Hat Enterprise Linux 7.x
Red Hat Enterprise Linux 6.x
Red Hat Enterprise Linux 5.1 and later
Red Hat Network Hosted
Red Hat Satellite
Issue

Is it possible to limit yum so that it lists or installs only security updates?
How to update a system using yum and only apply security errata?
Wanted to update security patches with out modifying OS version. How can we do that?
How to patch the system only with security erratas ?
Resolution

Install the yum-security plugin
It is now possible to limit yum to install only security updates (as opposed to bug fixes or enhancements) using Red Hat Enterprise Linux 5,6, and 7. To do so, simply install the yum-security plugin:

For Red Hat Enterprise Linux 7
The plugin is already a part of yum itself, no need to install anything.

For Red Hat Enterprise Linux 6

# yum install yum-plugin-security
For Red Hat Enterprise Linux 5

# yum install yum-security
Alternatively, download the yum-security package from the Red Hat Network (RHN) and manually install it on the system.

For Red Hat Enterprise Linux 6 and 7

Using yum-security plugin

To list all available erratas without installing them, run:

# yum updateinfo list available
To list all available security updates without installing them, run:
Raw
# yum updateinfo list security all
# yum updateinfo list sec
To get a list of the currently installed security updates this command can be used:

# yum updateinfo list security installed
For Red Hat Enterprise Linux 5

Using yum-security plugin




To list all available erratas without installing them, run:

Raw
# yum list-sec
To list all available security updates without installing them, run:
Raw
# yum list-security –security
For both Red Hat Enterprise Linux 5, 6, and 7

To list all available security updates with verbose descriptions of the issues they apply to:
Raw
# yum info-sec
Run the following command to download and apply all available security updates from Red Hat Network hosted or Red Hat Network Satellite:
Raw
# yum -y update –security
NOTE: It will install the last version available of any package with at least one security errata thus can install non-security erratas if they provide a more updated version of the package.



To only install the packages that have a security errata use
Raw
# yum update-minimal –security -y
yum-security also allows installing security updates based on the CVE reference of the issue. To install a security update using a CVE reference run:
Raw
# yum update –cve
e.g.

Raw
# yum update –cve CVE-2008-0947
Viewing available advisories by severities:

Raw
# yum updateinfo list
This system is receiving updates from RHN Classic or RHN Satellite.
RHSA-2014:0159 Important/Sec. kernel-headers-2.6.32-431.5.1.el6.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-devel-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-libs-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-server-5.1.73-3.el6_5.x86_64
RHBA-2014:0158 bugfix nss-sysinit-3.15.3-6.el6_5.x86_64
RHBA-2014:0158 bugfix nss-tools-3.15.3-6.el6_5.x86_64
If you want to apply only one specific advisory:

Raw
# yum update –advisory=RHSA-2014:0159
However, if you would like to know more information about this advisory before to apply it:

Raw
# yum updateinfo RHSA-2014:0159
For more commands consult the manual pages of yum-security with

Raw
# man yum-security
If you face any missing dependency issue while applying security patches on system then refer to yum update –security fails with missing dependency errors.

Product(s) Red Hat Enterprise Linux Component yum Category Secure Tags errata rhel_5 rhel_6 rhn security sync yum
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.