How-to – Install only security updates with Yum

Install yum-plugin-security

Type the following yum command:

# yum -y install yum-plugin-security

Sample outputs:

Loaded plugins: product-id, protectbase, rhnplugin, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
0 packages excluded due to repository protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-security.noarch 0:1.1.30-14.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================
 Package                    Arch          Version                 Repository                   Size
====================================================================================================
Installing:
 yum-plugin-security        noarch        1.1.30-14.el6           rhel-x86_64-server-6         38 k
Transaction Summary
====================================================================================================
Install       1 Package(s)
Total download size: 38 k
Installed size: 0
Downloading Packages:
yum-plugin-security-1.1.30-14.el6.noarch.rpm                                 |  38 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : yum-plugin-security-1.1.30-14.el6.noarch                                         1/1
Installed products updated.
  Verifying  : yum-plugin-security-1.1.30-14.el6.noarch                                         1/1
Installed:
  yum-plugin-security.noarch 0:1.1.30-14.el6
Complete!

Examples

To display all updates that are security relevant, and get a reutrn code on whether there are security updates enter:

# yum --security check-update

Sample outputs:

Loaded plugins: product-id, protectbase, rhnplugin, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
0 packages excluded due to repository protections
Limiting package lists to security relevant ones
2 package(s) needed for security, out of 10 available
Security: kernel-2.6.32-279.1.1.el6.x86_64 is an installed security update
Security: kernel-2.6.32-279.el6.x86_64 is the currently running version
glibc.x86_64                             2.12-1.80.el6_3.3                      rhel-x86_64-server-6
glibc-common.x86_64                      2.12-1.80.el6_3.3                      rhel-x86_64-server-6

To show a list of all BZs that are fixed for packages you have installed enter:

# yum updateinfo list bugzillas

Sample outputs:

Loaded plugins: product-id, protectbase, rhnplugin, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
0 packages excluded due to repository protections
 838956 bugfix   bind-libs-32:9.8.2-0.10.rc1.el6_3.1.x86_64
 838956 bugfix   bind-utils-32:9.8.2-0.10.rc1.el6_3.1.x86_64
 826943 security glibc-2.12-1.80.el6_3.3.x86_64
 833703 security glibc-2.12-1.80.el6_3.3.x86_64
 833704 security glibc-2.12-1.80.el6_3.3.x86_64
 837026 security glibc-2.12-1.80.el6_3.3.x86_64
 826943 security glibc-common-2.12-1.80.el6_3.3.x86_64
 833703 security glibc-common-2.12-1.80.el6_3.3.x86_64
 833704 security glibc-common-2.12-1.80.el6_3.3.x86_64
 837026 security glibc-common-2.12-1.80.el6_3.3.x86_64
 837227 bugfix   kernel-2.6.32-279.2.1.el6.x86_64
 837227 bugfix   kernel-firmware-2.6.32-279.2.1.el6.noarch
 836252 bugfix   net-snmp-libs-1:5.5-41.el6_3.1.x86_64
updateinfo list done

To get a summary of advisories you haven’t installed yet use:

# yum updateinfo summary

Sample outputs:

Loaded plugins: product-id, protectbase, rhnplugin, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
0 packages excluded due to repository protections
Updates Information Summary: available
    1 Security notice(s)
    4 Bugfix notice(s)
    1 Enhancement notice(s)
Security: kernel-2.6.32-279.1.1.el6.x86_64 is an installed security update
Security: kernel-2.6.32-279.el6.x86_64 is the currently running version
updateinfo summary done

To upgrade packages that have security errata (upgrades to the latest available package) use:

# yum --security update

Sample outputs:

Loaded plugins: product-id, protectbase, rhnplugin, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
0 packages excluded due to repository protections
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
2 package(s) needed (+0 related) for security, out of 10 available
--> Running transaction check
---> Package glibc.x86_64 0:2.12-1.80.el6 will be updated
---> Package glibc.x86_64 0:2.12-1.80.el6_3.3 will be an update
---> Package glibc-common.x86_64 0:2.12-1.80.el6 will be updated
---> Package glibc-common.x86_64 0:2.12-1.80.el6_3.3 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================
 Package              Arch           Version                     Repository                    Size
====================================================================================================
Updating:
 glibc                x86_64         2.12-1.80.el6_3.3           rhel-x86_64-server-6         3.8 M
 glibc-common         x86_64         2.12-1.80.el6_3.3           rhel-x86_64-server-6          14 M
Transaction Summary
====================================================================================================
Upgrade       2 Package(s)
Total download size: 18 M
Is this ok [y/N]:

To upgrade packages that have security errata (upgrades to the last security errata package) use:

# yum --security update-minimal