How do I list or install only security updates on a RHEL 5.x or CentOS Linux server? How do I find security update details such as CVEs, bugs, issue date and type for each patch?
You can easily find security patch information using the yum-security plugin. This plugin adds the --security, --cve, --bz and --advisory options to yum, along with the list-security and info-security commands. The options make it possible to limit listing or upgrading of packages to the security-relevant ones. The commands give you the security information.
Install Plugin
Type the following command:
# yum install yum-security
How Do I Display Available Security Updates?
Type the following command:
# yum list-security
Sample Outputs:
Loaded plugins: rhnplugin, security
RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386
RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64
list-security done
To list all updates that are security relevant, and get a return code indicating whether there are security updates, use:
# yum --security check-update
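An added example (not part of the original article): a cron-friendly wrapper around the two commands above. It relies on yum's documented check-update exit codes (0 = no updates, 100 = updates available, 1 = error); the function names, the --report switch and the RHBA-0000:0000-1 line in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Map the exit status of `yum --security check-update` to a state.
# yum documents check-update as: 0 = no updates, 100 = updates available,
# 1 = an error occurred.
security_state() {
    case "$1" in
        0)   echo "clean" ;;
        100) echo "pending" ;;
        *)   echo "error" ;;
    esac
}

# Read `yum list-security` output on stdin and print "<advisory> <count>"
# for notices of type "security" only. Header and trailer lines are skipped
# because they do not have exactly three fields.
summarise_advisories() {
    awk 'NF == 3 && $2 == "security" { n[$1]++ }
         END { for (a in n) print a, n[a] }' | sort
}

# Constructed sample: the article's sample output plus one made-up bugfix
# line (placeholder ID) to show that non-security notices are filtered out.
SAMPLE_OUTPUT='Loaded plugins: rhnplugin, security
RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386
RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64
RHBA-0000:0000-1 bugfix example-pkg-1.0-1.el5.x86_64
list-security done'

# Run the real commands and return 0 only when no security update is pending,
# so cron or a monitoring check can alert on any non-zero status.
report() {
    yum --security check-update >/dev/null 2>&1
    state=$(security_state "$?")
    echo "security updates: $state"
    if [ "$state" = "pending" ]; then
        yum list-security 2>/dev/null | summarise_advisories
    fi
    [ "$state" = "clean" ]
}

# Hypothetical switch: only touch yum when asked to.
if [ "${1:-}" = "--report" ]; then
    report
    exit $?
fi
```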
To get a list of all BZs that are fixed for packages you have installed use:
# yum list-security bugzillas
To get the information on advisory RHSA-2009:1148-1 use:
# yum info-security RHSA-2009:1148-1
Sample Outputs:
Loaded plugins: rhnplugin, security
===============================================================================
RHSA-2009:1148
===============================================================================
Update ID : RHSA-2009:1148-1
Release :
Type : security
Status : final
Issued : 2009-07-08 23:00:00
Bugs : 509125 - None
: 509375 - None
CVEs : CVE-2009-1890
: CVE-2009-1891
Description : Important: httpd security update
: The Apache HTTP Server is a
: popular Web server. A denial of service flaw was
: found in the Apache mod_proxy module when it was
: used as a reverse proxy. A remote attacker could
: use this flaw to force a proxy process to consume
: large amounts of CPU time. (CVE-2009-1890) A
: denial of service flaw was found in the Apache
: mod_deflate module. This module continued to
: compress large files until compression was
: complete, even if the network connection that
: requested the content was closed before
: compression completed. This would cause
: mod_deflate to consume large amounts of CPU if
: mod_deflate was enabled for a large file.
: (CVE-2009-1891) All httpd users should upgrade to
: these updated packages, which contain backported
: patches to correct these issues. After installing
: the updated packages, the httpd daemon must be
: restarted for the update to take effect.
Files : mod_ssl-2.2.3-22.el5_3.2.x86_64.rpm
: httpd-devel-2.2.3-22.el5_3.2.i386.rpm
: httpd-2.2.3-22.el5_3.2.x86_64.rpm
: httpd-devel-2.2.3-22.el5_3.2.x86_64.rpm
: httpd-manual-2.2.3-22.el5_3.2.x86_64.rpm
: mod_ssl-2.2.3-22.el5_3.2.i386.rpm
: httpd-2.2.3-22.el5_3.2.i386.rpm
: httpd-manual-2.2.3-22.el5_3.2.i386.rpm
info-security done
To get an info list of the latest packages which contain fixes for Bugzilla 3595, CVE-2009-1890 and advisory RHSA-2009:1148-1, use:
# yum --bz 3595 --cve CVE-2009-1890 --advisory RHSA-2009:1148-1 info updates
How Do I Install All The Security Updates Only?
Type the following command to download and install all the available security updates:
# yum update --security
- Last Updated: 07/9/09





After installing yum-security, when I run the command yum list-security I get the following info:
yum list-security
usage: yum [options]
options:
-h, --help show this help message and exit
-t, --tolerant be tolerant of errors
-C run entirely from cache, don't update cache
-c [config file] config file location
-R [minutes] maximum command wait time
-d [debug level] debugging output level
-e [error level] error output level
-q, --quiet quiet operation
-v, --verbose verbose operation
-y answer yes for all questions
--version show Yum version and exit
--installroot=[path] set install root
--enablerepo=[repo] enable one or more repositories (wildcards allowed)
--disablerepo=[repo] disable one or more repositories (wildcards allowed)
-x [package], --exclude=[package]
exclude package(s) by name or glob
--disableexcludes=[repo]
disable exclude from main, for a repo or for
everything
--obsoletes enable obsoletes processing during updates
--noplugins disable Yum plugins
--nogpgcheck disable gpg signature checking
--disableplugin=[plugin]
disable plugins by name
It seems the plugin was not working. OS is CentOS release 5 (Final).
This plugin only works with CentOS v5.1 / RHEL v5.1 / Fedora v7 or above.
nice info i'll try this out
Great, Thanks to all for nice inf……
Hi Vivek,
Will you please post an article on “How to create CentOS 5.x local repository for internal systems with CD/DVD RPMs, createrepo and rsync”
Regards,
Tapas
@ Tapas,
Added to queue .. watch out faq section for further update but no ETA ;)
should be made also for CentOS v5.1 >
hi dear
your tutorial is amazing. thanks for your kind of help
Will this plugin work with CentOS 5.2 64bit?
i’m not sure, but i think this plugin only works in RedHat, never in CentOS.
http://lists.centos.org/pipermail/centos/2009-March/072918.html
Regards!
By default, YUM has plugins disabled. Change your YUM.CONF to include plugins=1 if you are getting the usage error.
yum-security does not work in CentOS. They are working on it, but the infrastructure to support the fasttrack rpms is not fully functional yet.
See this thread for details:
Link