Install the yum-security plugin
It is now possible to limit yum to install only security updates using Red Hat Enterprise Linux 5,6, and 7. To do so, simply install the yum-security plugin:
For Red Hat Enterprise Linux 7
The plugin is already a part of yum itself, no need to install anything.
For Red Hat Enterprise Linux 6
# yum install yum-plugin-security
For Red Hat Enterprise Linux 5
# yum install yum-security
Alternatively, download the yum-security package from the Red Hat Network (RHN) and manually install it on the system.
For Red Hat Enterprise Linux 6 and 7
Using yum-security plugin
To list all available erratas without installing them, run:
# yum updateinfo list available
To list all available security updates without installing them, run:
# yum updateinfo list security all
# yum updateinfo list sec
To get a list of the currently installed security updates this command can be used:
# yum updateinfo list security installed
For Red Hat Enterprise Linux 5
Using yum-security plugin
To list all available erratas without installing them, run:
# yum list-sec
To list all available security updates without installing them, run:
# yum list-security --security
For both Red Hat Enterprise Linux 5, 6, and 7
To list all available security updates with verbose descriptions of the issues they apply to:
# yum info-sec
Run the following command to download and apply all available security updates from Red Hat Network hosted or Red Hat Network Satellite:
# yum -y update --security
NOTE: It will install the last version available of any package with at least one security errata thus can install non-security erratas if they provide a more updated version of the package.
To only install the packages that have a security errata use
# yum update-minimal --security -y
yum-security also allows installing security updates based on the CVE reference of the issue. To install a security update using a CVE reference run:
# yum update --cve <CVE>
e.g.
# yum update --cve CVE-2008-0947
Viewing available advisories by severities:
# yum updateinfo list
This system is receiving updates from RHN Classic or RHN Satellite.
RHSA-2014:0159 Important/Sec. kernel-headers-2.6.32-431.5.1.el6.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-devel-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-libs-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-server-5.1.73-3.el6_5.x86_64
RHBA-2014:0158 bugfix nss-sysinit-3.15.3-6.el6_5.x86_64
RHBA-2014:0158 bugfix nss-tools-3.15.3-6.el6_5.x86_64
If you want to apply only one specific advisory:
# yum update --advisory=RHSA-2014:0159
However, if you would like to know more information about this advisory before to apply it:
# yum updateinfo RHSA-2014:0159
For more commands consult the manual pages of yum-security with
# man yum-security
If you face any missing dependency issue while applying security patches on system then refer to yum update --security fails with missing dependency errors.
It is now possible to limit yum to install only security updates using Red Hat Enterprise Linux 5,6, and 7. To do so, simply install the yum-security plugin:
For Red Hat Enterprise Linux 7
The plugin is already a part of yum itself, no need to install anything.
For Red Hat Enterprise Linux 6
# yum install yum-plugin-security
For Red Hat Enterprise Linux 5
# yum install yum-security
Alternatively, download the yum-security package from the Red Hat Network (RHN) and manually install it on the system.
For Red Hat Enterprise Linux 6 and 7
Using yum-security plugin
To list all available erratas without installing them, run:
# yum updateinfo list available
To list all available security updates without installing them, run:
# yum updateinfo list security all
# yum updateinfo list sec
To get a list of the currently installed security updates this command can be used:
# yum updateinfo list security installed
For Red Hat Enterprise Linux 5
Using yum-security plugin
To list all available erratas without installing them, run:
# yum list-sec
To list all available security updates without installing them, run:
# yum list-security --security
For both Red Hat Enterprise Linux 5, 6, and 7
To list all available security updates with verbose descriptions of the issues they apply to:
# yum info-sec
Run the following command to download and apply all available security updates from Red Hat Network hosted or Red Hat Network Satellite:
# yum -y update --security
NOTE: It will install the last version available of any package with at least one security errata thus can install non-security erratas if they provide a more updated version of the package.
To only install the packages that have a security errata use
# yum update-minimal --security -y
yum-security also allows installing security updates based on the CVE reference of the issue. To install a security update using a CVE reference run:
# yum update --cve <CVE>
e.g.
# yum update --cve CVE-2008-0947
Viewing available advisories by severities:
# yum updateinfo list
This system is receiving updates from RHN Classic or RHN Satellite.
RHSA-2014:0159 Important/Sec. kernel-headers-2.6.32-431.5.1.el6.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-devel-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-libs-5.1.73-3.el6_5.x86_64
RHSA-2014:0164 Moderate/Sec. mysql-server-5.1.73-3.el6_5.x86_64
RHBA-2014:0158 bugfix nss-sysinit-3.15.3-6.el6_5.x86_64
RHBA-2014:0158 bugfix nss-tools-3.15.3-6.el6_5.x86_64
If you want to apply only one specific advisory:
# yum update --advisory=RHSA-2014:0159
However, if you would like to know more information about this advisory before to apply it:
# yum updateinfo RHSA-2014:0159
For more commands consult the manual pages of yum-security with
# man yum-security
If you face any missing dependency issue while applying security patches on system then refer to yum update --security fails with missing dependency errors.