RedHat Packaging Security with yum
Date: June 29, 2015
Categories: Linux
RedHat comes with a mitigated package called RHSA (RedHat security advisory)
This RHSA comes with a unique id like CVE Contain the date of fix and these type packages come for the applications that shipped from RedHat
Example RHSA-2015:0291
For listing available updates for application
|
1 2 3 4 5 |
yum updateinfo list openssl FEDORA-2015-0512 security openssl-1:1.0.1k-1.fc21.x86_64 FEDORA-2015-4303 security openssl-1:1.0.1k-6.fc21.x86_64 FEDORA-2015-10108 security openssl-1:1.0.1k-10.fc21.x86_64 |
For quick installation to security batches
|
1 |
yum update --security |
Get sure that you installed yum-security plugin first
To install batches for a specified RHSA u can use this
|
1 |
yum update --advisory=rhsa |
Or batch updates for a specified CVE
|
1 |
yum update --cve=CVE |
example
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
yum updateinfo FEDORA-2015-9599 Loaded plugins: langpacks =============================================================================== qemu-2.1.3-8.fc21 =============================================================================== Update ID : FEDORA-2015-9599 Release : Fedora 21 Type : security Status : stable Issued : 2015-06-07 09:00:34 Bugs : 1151253 - User interface freezes when entering space character in Xfig : 1213053 - Backport {Haswell,Broadwell}-noTSX cpu models : 1222894 - qemu: insecure temporary file use in /net/slirp.c [fedora-all] : 1222892 - CVE-2015-4037 qemu: insecure temporary file use in /net/slirp.c Description : * User interface freezes when entering space character in Xfig : (bz #1151253) : * CVE-2015-4037: insecure temporary file use in : /net/slirp.c (bz #1222894) : * Backport {Haswell,Broadwell}-noTSX cpu models : (bz #1213053) updateinfo info done [root@localhost ~]# yum update --bzs=1222892,1222894,1213053,1151253 --cves=CVE-2015-4037 Loaded plugins: langpacks --> Finished Dependency Resolution Dependencies Resolved ===================================================================================================== Package Arch Version Repository Size ===================================================================================================== Updating: libcacard x86_64 2:2.1.3-8.fc21 updates 73 k qemu-common x86_64 2:2.1.3-8.fc21 updates 258 k qemu-guest-agent x86_64 2:2.1.3-8.fc21 updates 157 k qemu-img x86_64 2:2.1.3-8.fc21 updates 586 k qemu-kvm x86_64 2:2.1.3-8.fc21 updates 53 k qemu-system-x86 x86_64 2:2.1.3-8.fc21 updates 3.6 M Transaction Summary ===================================================================================================== Upgrade 6 Packages Total download size: 4.7 M Is this ok [y/d/N]: y Downloading packages: Delta RPMs reduced 331 k of updates to 172 k (47% saved) (1/6): libcacard-2.1.2-6.fc21_2.1.3-8.fc21.x86_64.drpm | 53 kB 00:00:01 (2/6): qemu-kvm-2.1.3-8.fc21.x86_64.rpm | 53 kB 00:00:01 (3/6): qemu-guest-agent-2.1.3-8.fc21.x86_64.rpm | 157 kB 00:00:03 (4/6): qemu-img-2.1.3-8.fc21.x86_64.rpm | 586 kB 00:00:05 (5/6): qemu-common-2.1.2-6.fc21_2.1.3-8.fc21.x86_64.drpm | 119 kB 00:00:07 (6/6): qemu-system-x86-2.1.3-8.fc21.x86_64.rpm | 3.6 MB 00:00:24 ----------------------------------------------------------------------------------------------------- Total 183 kB/s | 4.6 MB 00:00:25 Running transaction check Running transaction test Transaction test succeeded Running transaction (shutdown inhibited) Updating : 2:qemu-common-2.1.3-8.fc21.x86_64 1/12 Updating : 2:qemu-system-x86-2.1.3-8.fc21.x86_64 2/12 Updating : 2:qemu-kvm-2.1.3-8.fc21.x86_64 3/12 Updating : 2:qemu-img-2.1.3-8.fc21.x86_64 4/12 Updating : 2:libcacard-2.1.3-8.fc21.x86_64 5/12 Updating : 2:qemu-guest-agent-2.1.3-8.fc21.x86_64 6/12 Cleanup : 2:qemu-kvm-2.1.2-6.fc21.x86_64 7/12 Cleanup : 2:qemu-system-x86-2.1.2-6.fc21.x86_64 8/12 Cleanup : 2:qemu-common-2.1.2-6.fc21.x86_64 9/12 Cleanup : 2:qemu-img-2.1.2-6.fc21.x86_64 10/12 Cleanup : 2:libcacard-2.1.2-6.fc21.x86_64 11/12 Cleanup : 2:qemu-guest-agent-2.1.2-6.fc21.x86_64 12/12 Verifying : 2:qemu-guest-agent-2.1.3-8.fc21.x86_64 1/12 Verifying : 2:qemu-system-x86-2.1.3-8.fc21.x86_64 2/12 Verifying : 2:libcacard-2.1.3-8.fc21.x86_64 3/12 Verifying : 2:qemu-kvm-2.1.3-8.fc21.x86_64 4/12 Verifying : 2:qemu-img-2.1.3-8.fc21.x86_64 5/12 Verifying : 2:qemu-common-2.1.3-8.fc21.x86_64 6/12 Verifying : 2:qemu-kvm-2.1.2-6.fc21.x86_64 7/12 Verifying : 2:libcacard-2.1.2-6.fc21.x86_64 8/12 Verifying : 2:qemu-img-2.1.2-6.fc21.x86_64 9/12 Verifying : 2:qemu-guest-agent-2.1.2-6.fc21.x86_64 10/12 Verifying : 2:qemu-system-x86-2.1.2-6.fc21.x86_64 11/12 Verifying : 2:qemu-common-2.1.2-6.fc21.x86_64 12/12 Updated: libcacard.x86_64 2:2.1.3-8.fc21 qemu-common.x86_64 2:2.1.3-8.fc21 qemu-guest-agent.x86_64 2:2.1.3-8.fc21 qemu-img.x86_64 2:2.1.3-8.fc21 qemu-kvm.x86_64 2:2.1.3-8.fc21 qemu-system-x86.x86_64 2:2.1.3-8.fc21 Complete! |
Very important to get sure of the new updated pushed to the system is compatible with the running software and your production environment it may install a new version of the software
We will take later about backporting and advanced package verification
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Leave a Reply