How do I only list or install only security updates under RHEL 5.x or CentOS Linux server? How do I find out security updates descriptions such as CVE, bugs, issued date and type for each patch?
You can easily find out security patches related information using yum-security plugin. This plugin adds the options –security, –cve, –bz and –advisory flags to yum and the list-security and info-security commands. The options make it possible to limit list/upgrade of packages to specific security relevant ones. The commands give you the security information.
Type the following command:
# yum install yum-security
How Do I Display Available Security Updates?
Type the following command:
# yum list-security
Loaded plugins: rhnplugin, security RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64 RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386 RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64 RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64 list-security done
To list all updates that are security relevant, and get a reutrn code on whether there are security updates use:
# yum --security check-update
To get a list of all BZs that are fixed for packages you have installed use:
# yum list-security bugzillas
To get the information on advisory RHSA-2009:1148-1 use:
# yum info-security RHSA-2009:1148-1
Loaded plugins: rhnplugin, security =============================================================================== RHSA-2009:1148 =============================================================================== Update ID : RHSA-2009:1148-1 Release : Type : security Status : final Issued : 2009-07-08 23:00:00 Bugs : 509125 - None : 509375 - None CVEs : CVE-2009-1890 : CVE-2009-1891 Description : Important: httpd security update The Apache HTTP Server is a : popular Web server. A denial of service flaw was : found in the Apache mod_proxy module when it was : used as a reverse proxy. A remote attacker could : use this flaw to force a proxy process to consume : large amounts of CPU time. (CVE-2009-1890) A : denial of service flaw was found in the Apache : mod_deflate module. This module continued to : compress large files until compression was : complete, even if the network connection that : requested the content was closed before : compression completed. This would cause : mod_deflate to consume large amounts of CPU if : mod_deflate was enabled for a large file. : (CVE-2009-1891) All httpd users should upgrade to : these updated packages, which contain backported : patches to correct these issues. After installing : the updated packages, the httpd daemon must be : restarted for the update to take effect. Files : mod_ssl-2.2.3-22.el5_3.2.x86_64.rpm : httpd-devel-2.2.3-22.el5_3.2.i386.rpm : httpd-2.2.3-22.el5_3.2.x86_64.rpm : httpd-devel-2.2.3-22.el5_3.2.x86_64.rpm : httpd-manual-2.2.3-22.el5_3.2.x86_64.rpm : mod_ssl-2.2.3-22.el5_3.2.i386.rpm : httpd-2.2.3-22.el5_3.2.i386.rpm : httpd-manual-2.2.3-22.el5_3.2.i386.rpm info-security done
To get an info list of the latest packages which contain fixes for Bugzilla 3595; CVE # CVE-2009-1890 and advisories RHSA-2009:1148-1, use:
# yum --bz 3595 --cve CVE-2009-1890 --advisory RHSA-2009:1148-1 info updates
How Do I Install All The Security Updates Only?
Type the following command to download and install all the available security updates:
# yum update --security