RHEL / CentOS: yum Lists / Installs Only Security Updates

July 9, 2009 · 21 comments · LAST UPDATED July 9, 2009

How do I list or install only security updates on a RHEL 5.x or CentOS Linux server? How do I find the details of each security update, such as CVE, bugs, issue date and type?

You can easily find security patch information using the yum-security plugin. The plugin adds the --security, --cve, --bz and --advisory options to yum, along with the list-security and info-security commands. The options limit listing or upgrading to the packages that are security relevant. The commands display the security information itself.

Install Plugin

Type the following command:
# yum install yum-security

How Do I Display Available Security Updates?

Type the following command:
# yum list-security
Sample Outputs:

Loaded plugins: rhnplugin, security
RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386
RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64
list-security done

To list all updates that are security relevant, and get a return code indicating whether there are security updates, use:
# yum --security check-update
To get a list of all BZs that are fixed for packages you have installed use:
# yum list-security bugzillas
To get the information on advisory RHSA-2009:1148-1 use:
# yum info-security RHSA-2009:1148-1
Sample Outputs:

Loaded plugins: rhnplugin, security
===============================================================================
  RHSA-2009:1148
===============================================================================
  Update ID : RHSA-2009:1148-1
    Release :
       Type : security
     Status : final
     Issued : 2009-07-08 23:00:00
       Bugs : 509125 - None
	    : 509375 - None
       CVEs : CVE-2009-1890
	    : CVE-2009-1891
Description : Important: httpd security update  \The Apache HTTP Server is a
            : popular Web server.  A denial of service flaw was
            : found in the Apache mod_proxy module when it was
            : used as a reverse proxy. A remote attacker could
            : use this flaw to force a proxy process to consume
            : large amounts of CPU time. (CVE-2009-1890)  A
            : denial of service flaw was found in the Apache
            : mod_deflate module. This module continued to
            : compress large files until compression was
            : complete, even if the network connection that
            : requested the content was closed before
            : compression completed. This would cause
            : mod_deflate to consume large amounts of CPU if
            : mod_deflate was enabled for a large file.
            : (CVE-2009-1891)  All httpd users should upgrade to
            : these updated packages, which contain backported
            : patches to correct these issues. After installing
            : the updated packages, the httpd daemon must be
            : restarted for the update to take effect.
      Files : mod_ssl-2.2.3-22.el5_3.2.x86_64.rpm
	    : httpd-devel-2.2.3-22.el5_3.2.i386.rpm
	    : httpd-2.2.3-22.el5_3.2.x86_64.rpm
	    : httpd-devel-2.2.3-22.el5_3.2.x86_64.rpm
	    : httpd-manual-2.2.3-22.el5_3.2.x86_64.rpm
	    : mod_ssl-2.2.3-22.el5_3.2.i386.rpm
	    : httpd-2.2.3-22.el5_3.2.i386.rpm
	    : httpd-manual-2.2.3-22.el5_3.2.i386.rpm
info-security done

To get an info list of the latest packages that contain fixes for Bugzilla 3595, CVE-2009-1890 and advisory RHSA-2009:1148-1, use:
# yum --bz 3595 --cve CVE-2009-1890 --advisory RHSA-2009:1148-1 info updates

How Do I Install All The Security Updates Only?

Type the following command to download and install all the available security updates:
# yum update --security
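
A scheduled patch report built from the commands above, as an added example that is not part of the original article: it groups list-security output by advisory and turns the exit status of yum --security check-update into a word. The function names are hypothetical; the exit-status convention (100 = updates available, 0 = none, anything else = error) is yum's documented check-update behaviour.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Constructed sample: the list-security output shown earlier on this page.
sample_list_security() {
cat <<'EOF'
Loaded plugins: rhnplugin, security
RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386
RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64
list-security done
EOF
}

# Reads list-security output on stdin and prints "ADVISORY COUNT" for every
# advisory of type "security". The "Loaded plugins" header and the
# "list-security done" footer are skipped because they are not three-field
# lines with "security" in the second column.
count_security_by_advisory() {
    awk 'NF == 3 && $2 == "security" { n[$1]++ }
         END { for (a in n) print a, n[a] }' | sort
}

# Maps a check-update exit status to a word for reports and alerting.
classify_check_update_rc() {
    case "$1" in
        0)   echo "none" ;;      # no updates pending
        100) echo "pending" ;;   # updates are available
        *)   echo "error" ;;     # yum itself failed; do not read as "clean"
    esac
}

# Runs the real check only where yum is installed. The status is captured
# with "|| rc=$?" so the function also works in scripts that use "set -e".
security_update_status() {
    command -v yum >/dev/null 2>&1 || { echo "no-yum"; return 0; }
    rc=0
    yum -q --security check-update >/dev/null 2>&1 || rc=$?
    classify_check_update_rc "$rc"
}

# Stand-alone demo on the constructed sample (no yum needed).
sample_list_security | count_security_by_advisory
```

Treating every status other than 0 and 100 as an error keeps a failed repository refresh from being reported as "no security updates".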


{ 21 comments… read them below or add one }

1 hywl51 July 10, 2009 at 2:24 am

After installing yum-security, when I run the command yum list-security I get the following info:

yum list-security
usage: yum [options]

options:
-h, --help show this help message and exit
-t, --tolerant be tolerant of errors
-C run entirely from cache, don't update cache
-c [config file] config file location
-R [minutes] maximum command wait time
-d [debug level] debugging output level
-e [error level] error output level
-q, --quiet quiet operation
-v, --verbose verbose operation
-y answer yes for all questions
--version show Yum version and exit
--installroot=[path] set install root
--enablerepo=[repo] enable one or more repositories (wildcards allowed)
--disablerepo=[repo] disable one or more repositories (wildcards allowed)
-x [package], --exclude=[package]
exclude package(s) by name or glob
--disableexcludes=[repo]
disable exclude from main, for a repo or for
everything
--obsoletes enable obsoletes processing during updates
--noplugins disable Yum plugins
--nogpgcheck disable gpg signature checking
--disableplugin=[plugin]
disable plugins by name

It seems the plugin was not working. OS is CentOS release 5 (Final).

Reply

2 nixCraft July 10, 2009 at 5:15 am

This plugin only works with CentOS v5.1 / RHEL v5.1 / Fedora v7 or above.

Reply

3 Jonathan Matthews April 21, 2010 at 4:29 pm

This plugin appears to have no effect on CentOS 5.2, 5.3 or 5.4 installed from DVD iso. Tested today, 21/04/10.

It installs fine, but indicates that none of the (5.4: 58; 5.3/2: >100) packages are “security relevant”.

Shame.

Reply

4 ashwani July 10, 2009 at 10:40 am

Nice info, I'll try this out

Reply

5 AG July 10, 2009 at 11:30 am

Great, Thanks to all for nice inf……

Reply

6 Tapas Mallick July 10, 2009 at 12:59 pm

Hi Vivek,

Will you please post an article on “How to create CentOS 5.x local repository for internal systems with CD/DVD RPMs, createrepo and rsync”

Regards,
Tapas

Reply

7 nixCraft July 10, 2009 at 1:58 pm

@ Tapas,

Added to queue .. watch out faq section for further update but no ETA ;)

Reply

8 jack July 11, 2009 at 12:01 am

should be made also for CentOS v5.1 >

Reply

9 alireza sadeh seighalan July 13, 2009 at 8:11 pm

hi dear

Your tutorial is amazing. Thanks for your kind of help

Reply

10 kunal July 20, 2009 at 12:12 pm

Will this plugin work with CentOS 5.2 64-bit?

Reply

11 Adrian July 29, 2009 at 3:52 pm

I’m not sure, but I think this plugin only works in RedHat, never in CentOS.

http://lists.centos.org/pipermail/centos/2009-March/072918.html

Regards!

Reply

12 Todd November 18, 2009 at 12:29 am

By default, YUM has plugins disabled. Change your YUM.CONF to include plugins=1 if you are getting the usage error.

Reply

13 Stefan Lasiewski December 18, 2009 at 8:26 pm

yum-security does not work in CentOS. They are working on it, but the infrastructure to support the fasttrack rpms is not fully functional yet.

See this thread for details:

Link

Reply

14 DontForget September 19, 2012 at 11:41 pm

The “yum security” plugin does work on CentOS.

The setup is a little involved though.

Reply

15 jazzy jeph March 26, 2010 at 4:10 pm

Worked well on Fedora 12, thanks

Reply

16 jack April 22, 2010 at 3:50 am

Are there similar options for Ubuntu?

Reply

17 Eric Zhu December 3, 2011 at 9:49 am

That’s great. For some internal security principle, all the RHEL systems under my administration are only allowed to install the security relevant patches manually. This plugin can help me figure out the rpm packages mentioned in a certain advisory ID. Will to learn more about syntax of this command.

Reply

18 Abhi May 9, 2012 at 1:23 pm

Any way to run this on a server with no internet access..
[of course copy the relevant repository updates manually via scp or similar..]

Reply

19 Martin October 16, 2012 at 9:20 am

It is running but NOT working!!!!
It never reports ANY security update. But that’s wrong. I had many on my system on CentOS 5.8.

Reply

20 Iyappan V January 14, 2013 at 12:36 pm

What are the steps required to perform security patches in Oracle Enterprise Linux 5.6?
Can I use the above steps to perform the same in OEL Servers?

Reply

21 Cletus January 31, 2013 at 1:30 pm

DUDE! Yuda man! Works perfectly in Centos 6.2 and 6.3. Thank you!

Reply
