How to limit yum so that it lists or installs only Security Updates in Linux Server?

Install the yum-security plugin. It is now possible to limit yum to install only security updates  using Red Hat Enterprise Linux 5,6, and 7

Install the yum-security pluginIt is now possible to limit yum to install only security updates  using Red Hat Enterprise Linux 5,6, and 7. To do so, simply install the yum-security plugin:

For Red Hat Enterprise Linux 7

The plugin is already a part of yum itself, no need to install anything.

For Red Hat Enterprise Linux 6

# yum install yum-plugin-security

For Red Hat Enterprise Linux 5

# yum install yum-security

Alternatively, download the yum-security package from the Red Hat Network (RHN) and manually install it on the system.

For Red Hat Enterprise Linux 6 and 7

Using yum-security plugin

To list all available erratas without installing them, run:

# yum updateinfo list available

To list all available security updates without installing them, run:

# yum updateinfo list security all
# yum updateinfo list sec

To get a list of the currently installed security updates this command can be used:

# yum updateinfo list security installed
For Red Hat Enterprise Linux 5

Using yum-security plugin

To list all available erratas without installing them, run:

# yum list-sec

To list all available security updates without installing them, run:

# yum list-security –security

For both Red Hat Enterprise Linux 5, 6, and 7

To list all available security updates with verbose descriptions of the issues they apply to:

# yum info-sec

Run the following command to download and apply all available security updates from Red Hat Network hosted or Red Hat  Network Satellite:

# yum -y update –security

NOTE: It will install the last version available of any package with at least one security errata thus can install non-security erratas if they provide a more updated version of the package.

To only install the packages that have a security errata use
# yum update-minimal –security -y

yum-security also allows installing security updates based on the CVE reference of the issue. To install a security update  using a CVE reference run:

# yum update –cve

e.g.

# yum update –cve CVE-2008-0947

Viewing available advisories by severities:

# yum updateinfo list

This system is receiving updates from RHN Classic or RHN Satellite.
RHSA-2014:0159 Important/Sec. kernel-headers-2.6.32-431.5.1.el6.x86_64
RHSA-2014:0164 Moderate/Sec.  mysql-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec.  mysql-devel-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec.  mysql-libs-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec.  mysql-server-5.1.73-3.el6_5.x86_64
RHBA-2014:0158 bugfix         nss-sysinit-3.15.3-6.el6_5.x86_64
RHBA-2014:0158 bugfix         nss-tools-3.15.3-6.el6_5.x86_64

If you want to apply only one specific advisory:

# yum update –advisory=RHSA-2014:0159

However, if you would like to know more information about this advisory before to apply it:

# yum updateinfo RHSA-2014:0159

For more commands consult the manual pages of yum-security with

# man yum-security

 

Author: Khaja Ehteshamuddin

I am a Linux admin who believes in Hard work, Likes to share knowledge with others. At present I work as Sr. System Administrator at Hyderabad

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s