Shulou(Shulou.com)06/01 Report--

How to check the available security updates on CentOS or RHEL systems? I believe many inexperienced people don't know what to do about it. Therefore, this article summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

When you update your system, depending on your company's security policy, sometimes only security-related patches may be needed. In most cases, this should be due to program compatibility considerations. So how to put it into practice? Is there any way to get yum to install only security patches?

The answer is yes, which can be easily achieved with the yum package manager.

In this article, we will not only provide the necessary information. Also, we will introduce some additional commands that can help you get detailed information about specified security updates.

Hopefully this will inspire you to understand and fix the holes in your list. Once a security vulnerability is announced, the affected software must be updated to reduce the security risk in the system.

For RHEL or CentOS 6 systems, run the following Yum command to install the yum security plug-in.

# yum- y install yum-plugin-security

This plug-in is already part of yum and does not need to be installed separately on RHEL 7 / 8 or CentOS 7 / 8.

To list all available patches (including security, Bug fixes, and product improvements), but do not install them:

# yum updateinfo list availableLoaded plugins: changelog, package_upload, product-id, search-disabled-repos,: subscription-manager, verify, versionlockRHSA-2014:1031 Important/Sec. 389-ds-base-1.3.1.6-26.el7_0.x86_64RHSA-2015:0416 Important/Sec. 389-ds-base-1.3.3.1-13.el7.x86_64RHBA-2015:0626 bugfix 389-ds-base-1.3.3.1-15.el7_1.x86_64RHSA-2015:0895 Important/Sec. 389-ds-base-1.3.3.1-16.el7_1.x86_64RHBA-2015:1554 bugfix 389-ds-base-1.3.3.1-20.el7_1.x86_64RHBA-2015:1960 bugfix 389-ds-base-1.3.3.1-23.el7_1.x86_64RHBA-2015:2351 bugfix 389-ds-base-1.3.4.0-19.el7.x86_64RHBA-2015: 2572 bugfix 389-ds-base-1.3.4.0-21.el7_2.x86_64RHSA-2016:0204 Important/Sec. 389-ds-base-1.3.4.0-26.el7_2.x86_64RHBA-2016:0550 bugfix 389-ds-base-1.3.4.0-29.el7_2.x86_64RHBA-2016:1048 bugfix 389-ds-base-1.3.4.0-30.el7_2.x86_64RHBA-2016:1298 bugfix 389-ds-base-1.3.4.0-32.el7_2.x86_64

To count the approximate number of patches, run the following command:

# yum updateinfo list available | wc-l11269

To list all available security patches but not install them, the following command is used to show the recommended patches installed and to be installed on your system:

# yum updateinfo list security allLoaded plugins: changelog, package_upload, product-id, search-disabled-repos,: subscription-manager, verify, versionlock RHSA-2014:1031 Important/Sec. 389-ds-base-1.3.1.6-26.el7_0.x86_64 RHSA-2015:0416 Important/Sec. 389-ds-base-1.3.3.1-13.el7.x86_64 RHSA-2015:0895 Important/Sec. 389-ds-base-1.3.3.1-16.el7_1.x86_64 RHSA-2016:0204 Important/Sec. 389-ds-base-1.3.4.0-26.el7_2.x86_64 RHSA-2016:2594 Moderate/Sec. 389-ds-base-1.3.5.10-11.el7.x86_64 RHSA-2017:0920 Important/Sec. 389-ds-base-1.3.5.10-20.el7_3.x86_64 RHSA-2017:2569 Moderate/Sec. 389-ds-base-1.3.6.1-19.el7_4.x86_64 RHSA-2018:0163 Important/Sec. 389-ds-base-1.3.6.1-26.el7_4.x86_64 RHSA-2018:0414 Important/Sec. 389-ds-base-1.3.6.1-28.el7_4.x86_64 RHSA-2018:1380 Important/Sec. 389-ds-base-1.3.7.5-21.el7_5.x86_64 RHSA-2018:2757 Moderate/Sec. 389-ds-base-1.3.7.5-28.el7_5.x86_64 RHSA-2018:3127 Moderate/Sec. 389-ds-base-1.3.8.4-15.el7.x86_64 RHSA-2014:1031 Important/Sec. 389-ds-base-libs-1.3.1.6-26.el7_0.x86_64

To display all security patches to be installed:

# yum updateinfo list security all | grep-v "I" RHSA-2014:1031 Important/Sec. 389-ds-base-1.3.1.6-26.el7_0.x86_64 RHSA-2015:0416 Important/Sec. 389-ds-base-1.3.3.1-13.el7.x86_64 RHSA-2015:0895 Important/Sec. 389-ds-base-1.3.3.1-16.el7_1.x86_64 RHSA-2016:0204 Important/Sec. 389-ds-base-1.3.4.0-26.el7_2.x86_64 RHSA-2016:2594 Moderate/Sec. 389-ds-base-1.3.5.10-11.el7.x86_64 RHSA-2017:0920 Important/Sec. 389-ds-base-1.3.5.10-20.el7_3.x86_64 RHSA-2017:2569 Moderate/Sec. 389-ds-base-1.3.6.1-19.el7_4.x86_64 RHSA-2018:0163 Important/Sec. 389-ds-base-1.3.6.1-26.el7_4.x86_64 RHSA-2018:0414 Important/Sec. 389-ds-base-1.3.6.1-28.el7_4.x86_64 RHSA-2018:1380 Important/Sec. 389-ds-base-1.3.7.5-21.el7_5.x86_64 RHSA-2018:2757 Moderate/Sec. 389-ds-base-1.3.7.5-28.el7_5.x86_64

To count the approximate number of all security patches, run the following command:

# yum updateinfo list security all | wc-l3522

The following is a list of updatable security patches based on installed software. This includes bugzilla (bug repair), CVE (well-known vulnerability database), security updates, and so on:

# yum updateinfo list security or # yum updateinfo list sec Loaded plugins: changelog, package_upload, product-id, search-disabled-repos,: subscription-manager, verify, versionlock RHSA-2018:3665 Important/Sec. NetworkManager-1:1.12.0-8.el7_6.x86_64RHSA-2018:3665 Important/Sec. NetworkManager-adsl-1:1.12.0-8.el7_6.x86_64RHSA-2018:3665 Important/Sec. NetworkManager-bluetooth-1:1.12.0-8.el7_6.x86_64RHSA-2018:3665 Important/Sec. NetworkManager-config-server-1:1.12.0-8.el7_6.noarchRHSA-2018:3665 Important/Sec. NetworkManager-glib-1:1.12.0-8.el7_6.x86_64RHSA-2018:3665 Important/Sec. NetworkManager-libnm-1:1.12.0-8.el7_6.x86_64RHSA-2018:3665 Important/Sec. NetworkManager-ppp-1:1.12.0-8.el7_6.x86_64RHSA-2018:3665 Important/Sec. NetworkManager-team-1:1.12.0-8.el7_6.x86_64RHSA-2018:3665 Important/Sec. NetworkManager-tui-1:1.12.0-8.el7_6.x86_64RHSA-2018:3665 Important/Sec. NetworkManager-wifi-1:1.12.0-8.el7_6.x86_64RHSA-2018:3665 Important/Sec. NetworkManager-wwan-1:1.12.0-8.el7_6.x86_64

Show all security-related updates and return a result to tell you if patches are available:

# yum-security check-updateLoaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify Versionlockrhel-7-server-rpms | 2.0 kB 00 20.el7.x86_64 from rhel-7-server-rpms excluded 0000 policycoreutils-devel-2.2.5-> 20.el7.x86_64 from rhel-7-server-rpms excluded (updateinfo)-> smc-raghumalayalam-fonts-6 .0-7.el7.noarch from rhel-7-server-rpms excluded (updateinfo)-- > amanda-server-3.3.3-17.el7.x86_64 from rhel-7-server-rpms excluded (updateinfo)-- > 389-ds-base-libs-1.3.4.0-26.el7_2.x86_64 from rhel-7-server-rpms excluded (updateinfo)-- > 1:cups-devel-1.6.3-26.el7.i686 from rhel-7-server-rpms Excluded (updateinfo)-> openwsman-client-2.6.3-3.git4391e5c.el7.i686 from rhel-7-server-rpms excluded (updateinfo)-- > 1:emacs-24.3-18.el7.x86_64 from rhel-7-server-rpms excluded (updateinfo)-- > augeas-libs-1.4.0-2.el7_4.2.i686 from rhel-7-server-rpms excluded (updateinfo)-- > samba-winbind-modules-4.2.3-10.el7.i686 From rhel-7-server-rpms excluded (updateinfo)-- > tftp-5.2-11.el7.x86_64 from rhel-7-server-rpms excluded (updateinfo) .35 package (s) needed for security Out of 115 availableNetworkManager.x86_64 1 10.el7_6 rhel-7-server-rpmsNetworkManager-adsl.x86_64 1.12.0-10.el7_6 rhel-7-server-rpmsNetworkManager-bluetooth.x86_64 1 10.el7_6 rhel-7-server-rpmsNetworkManager-bluetooth.x86_64 1.12.0-10.el7_6 rhel-7-server- RpmsNetworkManager-config-server.noarch 1vl 1.12.0-10.el7_6 rhel-7-server-rpmsNetworkManager-glib.x86_64 1v 1.12.0-10.el7_6 rhel-7-server-rpmsNetworkManager-libnm.x86_64 1v 1.12.0-10.el7_6 rhel-7-server-rpmsNetworkManager-ppp.x86_ 64 1 1.12.0-10.el7_6 rhel-7-server-rpms

List all available security patches and display their details:

# yum info-sec..==== tzdata bugfix and enhancement update==== Update ID: RHBA-2019:0689 Release: 0 Type: bugfix Status: final Issued: 2019-03-28 19:27:44 UTCDescription: The tzdata packages contain data files with rules for various: time zones. :: The tzdata packages have been updated to version: 2019a, which addresses recent time zone changes. : Notably: * The Asia/Hebron and Asia/Gaza zones will start: DST on 2019-03-30, rather than 2019-03-23 as: previously predicted. : * Metlakatla rejoined Alaska time on 2019-01-20,: ending its observances of Pacific standard time. : (BZ#1692616, BZ#1692615, BZ#1692816):: Users of tzdata are advised to upgrade to these: updated packages. Severity: None

If you want to know the details of an update, you can run the following command:

# yum updateinfo RHSA-2019:0163 Loaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify, versionlockrhel-7-server-rpms | 2.0kB 00VOV 00VOV 00VOBULING = Important: kernel security, bug fix And enhancement update==== Update ID: RHSA-2019:0163 Release: 0 Type: security Status: final Issued: 2019-01-29 15:21:23 UTC Updated: 2019-01-29 15:23:47 UTC Bugs: 1641548-CVE-2018-18397 kernel: userfaultfd bypasses tmpfs file permissions: 1641878-CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation CVEs: CVE-2018-18397 : CVE-2018-18559Description: The kernel packages contain the Linux kernel The core of any: Linux operating system. :: Security Fix (es): * kernel: Use-after-free due to race condition in: AF_PACKET implementation (CVE-2018-18559):: * kernel: userfaultfd bypasses tmpfs file: permissions (CVE-2018-18397):: For more details about the security issue (s) Including the impact, a CVSS score, and other: related information, refer to the CVE page (s): listed in the References section. :: Bug Fix (es): These updated kernel packages include also: numerous bug fixes and enhancements. Space: precludes documenting all of the bug fixes in this: advisory. See the descriptions in the related: Knowledge Article:: https://access.redhat.com/articles/3827321 Severity: Importantupdateinfo info done

Like before, you can only query for vulnerabilities released through CVE:

# yum updateinfo list cves Loaded plugins: changelog, package_upload, product-id, search-disabled-repos,: subscription-manager, verify, versionlockCVE-2018-15688 Important/Sec. NetworkManager-1:1.12.0-8.el7_6.x86_64CVE-2018-15688 Important/Sec. NetworkManager-adsl-1:1.12.0-8.el7_6.x86_64CVE-2018-15688 Important/Sec. NetworkManager-bluetooth-1:1.12.0-8.el7_6.x86_64CVE-2018-15688 Important/Sec. NetworkManager-config-server-1:1.12.0-8.el7_6.noarchCVE-2018-15688 Important/Sec. NetworkManager-glib-1:1.12.0-8.el7_6.x86_64CVE-2018-15688 Important/Sec. NetworkManager-libnm-1:1.12.0-8.el7_6.x86_64CVE-2018-15688 Important/Sec. NetworkManager-ppp-1:1.12.0-8.el7_6.x86_64CVE-2018-15688 Important/Sec. NetworkManager-team-1:1.12.0-8.el7_6.x86_64

You can also view updates related to bug fixes and run the following command:

# yum updateinfo list bugfix | less Loaded plugins: changelog, package_upload, product-id, search-disabled-repos,: subscription-manager, verify VersionlockRHBA-2018:3349 bugfix NetworkManager-1:1.12.0-7.el7_6.x86_64RHBA-2019:0519 bugfix NetworkManager-1:1.12.0-10.el7_6.x86_64RHBA-2018:3349 bugfix NetworkManager-adsl-1:1.12.0-7.el7_6.x86_64RHBA-2019:0519 bugfix NetworkManager-adsl-1:1.12.0-10.el7_6.x86_64RHBA-2018:3349 bugfix NetworkManager-bluetooth-1:1.12.0-7. El7_6.x86_64RHBA-2019:0519 bugfix NetworkManager-bluetooth-1:1.12.0-10.el7_6.x86_64RHBA-2018:3349 bugfix NetworkManager-config-server-1:1.12.0-7.el7_6.noarchRHBA-2019:0519 bugfix NetworkManager-config-server-1:1.12.0-10.el7_6.noarch

To get a summary of the updates to be installed, run this:

# yum updateinfo summaryLoaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify Versionlockrhel-7-server-rpms | 2.0kB 00:00:00Updates Information Summary: updates 13 Security notice (s) 9 Important Security notice (s) 3 Moderate Security notice (s) 1 Low Security notice ( S) 35 Bugfix notice (s) 1 Enhancement notice (s) updateinfo summary done

If you only want to print out low-level security updates, run the following command. Similarly, you can query only important and medium-level security updates.

# yum updateinfo list sec | grep-I "Low" RHSA-2019:0201 Low/Sec. Libgudev1-219-62.el7_6.3.x86_64RHSA-2019:0201 Low/Sec. Systemd-219-62.el7_6.3.x86_64RHSA-2019:0201 Low/Sec. Systemd-libs-219-62.el7_6.3.x86_64RHSA-2019:0201 Low/Sec. Systemd-sysv-219-62.el7_6.3.x86_64 after reading the above, have you learned how to check for available security updates on CentOS or RHEL systems? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.