yum-security(8)yum-security(8)NAME
yum security plugin
SYNOPSIS
yum [options] [command] [package ...]
DESCRIPTION
This plugin extends yum to allow lists and updates to be limited using
security relevant criteria
added yum commands are:
yum update-minimal
This works like the update command, but if you have the the package
foo-1 installed and have foo-2 and foo-3 available with updateinfo.xml
then update-minimal will update you to foo-3.
yum updateinfo info
yum updateinfo list
yum updateinfo summary
all of the last three take these sub-commands:
yum updateinfo * all
yum updateinfo * available
yum updateinfo * installed
yum updateinfo * updates
and then:
* <advisory> [advisory...]
* <package>
* bugzillas
* cves
* enhancement
* security
* new-packages
all Is used to display information about both install and available
advisories.
available
Is used to display information about just available advisories.
This is the default.
installed
Is used to display information about just install advisories.
updates
This is mostly the same as "available" but it only shows advi‐
sory information for packages that can be updated to.
<advisory> [advisory...]
Is used to display information about one or more advisories.
<package> [package...]
Is used to display information about one or more packages.
list Is used to list all of the relevant errata notice information,
from the updateinfo.xml data in yum. This includes bugzillas,
CVEs, security updates and new.
info Is used to show all the errata notice information, from the
updateinfo.xml data in yum. This includes bugzillas, CVEs, secu‐
rity updates and new.
list Is used to list all of the relevant errata notice information,
from the updateinfo.xml data in yum. This includes bugzillas,
CVEs, security updates and new.
bugzillas / bzs
Is the subset of the updateinfo information, pertaining to the
bugzillas.
cves Is the subset of the updateinfo information, pertaining to the
CVEs.
security / sec
Is the subset of the updateinfo information, pertaining to secu‐
rity.
bugfix Is the subset of the updateinfo information, pertaining to bug‐
fixes.
enhancement
Is the subset of the updateinfo information, pertaining to
enhancements.
recommended
Is the subset of the updateinfo information, pertaining to rec‐
ommended updates.
new-packages
Is the subset of the updateinfo information, pertaining to new
packages. These are packages which weren't available at the ini‐
tial release of your distribution.
GENERAL OPTIONS
There are four options added to yum that are available in the "list
updates", "info updates", "check-update" and "update" commands. They
are:
--advisory
This option includes packages coresponding to the advisory ID,
Eg. FEDORA-2201-123.
--bz This option includes packages that say they fix a Bugzilla ID,
Eg. 123.
--cve This option includes packages that say they fix a CVE - Common
Vulnerabilities and Exposures ID (http://cve.mitre.org/about/),
Eg. CVE-2201-0123.
--bugfixes
This option includes packages that say they fix a bugfix issue.
--security
This option includes packages that say they fix a security
issue.
EXAMPLES
To list all updates that are security relevant, and get a reutrn code
on whether there are security updates use:
yum --security check-update
To upgrade packages that have security errata (upgrades to the latest
available package) use:
yum --security update
To upgrade packages that have security errata (upgrades to the last
security errata package) use:
yum --security update-minimal
To get a list of all BZs that are fixed for packages you have installed
use:
yum updateinfo list bugzillas
To get a list of all security advisoryies, including the ones you have
already installed use:
yum updateinfo list all security
To get the information on advisory FEDORA-2707-4567 use:
yum updateinfo info FEDORA-2707-4567
To update packages to the latest version which contain fixes for
Bugzillas 123, 456 and 789; and all security updates use:
yum --bz 123 --bz 456 --bz 789 --security update
To update to the packages which just update Bugzillas 123, 456 and 789;
and all security updates use:
yum --bz 123 --bz 456 --bz 789 --security update-minimal
To get an info list of the latest packages which contain fixes for
Bugzilla 123; CVEs CVE-2207-0123 and CVE-2207-3210; and Fedora advi‐
sories FEDORA-2707-4567 and FEDORA-2707-7654 use:
yum --bz 123 --cve CVE-2207-0123 --cve CVE-2207-3210 --advisory
FEDORA-2707-4567 --advisory FEDORA-2707-7654 info updates
To get a list of packages which are "new".
yum updateinfo list new
To get a summary of advisories you haven't installed yet use:
yum updateinfo summary
SEE ALSO
yum (8)
yum.conf (5)
AUTHORS
James Antill <james.antill@redhat.com>.
BUGS
The update-minimal command ignores the --obsoletes flag.
The update-minimal command can only directly affect things atm., so if
you update pkgA minimally but that requires an update to pkgB then pkgB
will be updated to the newest version by the depsolver. Also the above
will happen even if you've also minimally updated pkgB, if either the
direct (minimal) update for pkgB happens after or if the minimal update
for pkgB doesn't satisy the requirements of pkgA.
The main "problem" is that if the data is not correct the plugin cannot
work correctly. For instance "--bz 123" will not fix BZ 123 if a pack‐
age is updated to fix that BZ without referencing that it does so in
the updateinfo.xml.
James Antill 12 April 2007 yum-security(8)