Ref: http://magazine.redhat.com/2008/01/16/tips-and-tricks-yum-security/
Ref: http://www.cyberciti.biz/faq/redhat-fedora-centos-linux-yum-installs-security-updates/
Install Plugin
Type the following command:
# yum install yum-security
How Do I Display Available Security Updates?
Type the following command:
# yum list-security
Sample Outputs:
Loaded plugins: rhnplugin, security RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64 RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386 RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64 RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64 list-security done
To list all updates that are security relevant, and get a reutrn code on whether there are security updates use:
# yum --security check-update
To get a list of all BZs that are fixed for packages you have installed use:
# yum list-security bugzillas
To get the information on advisory RHSA-2009:1148-1 use:
# yum info-security RHSA-2009:1148-1
Sample Outputs:
Loaded plugins: rhnplugin, security
===============================================================================
RHSA-2009:1148
===============================================================================
Update ID : RHSA-2009:1148-1
Release :
Type : security
Status : final
Issued : 2009-07-08 23:00:00
Bugs : 509125 - None
: 509375 - None
CVEs : CVE-2009-1890
: CVE-2009-1891
Description : Important: httpd security update \The Apache HTTP Server is a
: popular Web server. A denial of service flaw was
: found in the Apache mod_proxy module when it was
: used as a reverse proxy. A remote attacker could
: use this flaw to force a proxy process to consume
: large amounts of CPU time. (CVE-2009-1890) A
: denial of service flaw was found in the Apache
: mod_deflate module. This module continued to
: compress large files until compression was
: complete, even if the network connection that
: requested the content was closed before
: compression completed. This would cause
: mod_deflate to consume large amounts of CPU if
: mod_deflate was enabled for a large file.
: (CVE-2009-1891) All httpd users should upgrade to
: these updated packages, which contain backported
: patches to correct these issues. After installing
: the updated packages, the httpd daemon must be
: restarted for the update to take effect.
Files : mod_ssl-2.2.3-22.el5_3.2.x86_64.rpm
: httpd-devel-2.2.3-22.el5_3.2.i386.rpm
: httpd-2.2.3-22.el5_3.2.x86_64.rpm
: httpd-devel-2.2.3-22.el5_3.2.x86_64.rpm
: httpd-manual-2.2.3-22.el5_3.2.x86_64.rpm
: mod_ssl-2.2.3-22.el5_3.2.i386.rpm
: httpd-2.2.3-22.el5_3.2.i386.rpm
: httpd-manual-2.2.3-22.el5_3.2.i386.rpm
info-security done
Ref:http://www.cyberciti.biz/faq/redhat-fedora-centos-linux-yum-installs-security-updates/
To get an info list of the latest packages which contain fixes for Bugzilla 3595; CVE # CVE-2009-1890 and advisories RHSA-2009:1148-1, use:
# yum --bz 3595 --cve CVE-2009-1890 --advisory RHSA-2009:1148-1 info updates
How Do I Install All The Security Updates Only?
Type the following command to download and install all the available security updates:
# yum update --security