yum-security(8)

1yum-security(8)                                                yum-security(8)
2
3
4

NAME

6       yum security plugin
7

SYNOPSIS

9       yum [options] [command] [package ...]
10

DESCRIPTION

12       This  plugin extends yum to allow lists and updates to be limited using
13       security relevant criteria
14
15       added yum commands are:
16        yum update-minimal
17
18       This works like the update command, but if you have the  package  foo-1
19       installed  and  have  foo-2  (bugfix) and foo-3 (enhancement) available
20       with updateinfo.xml then update-minimal --bugfixes will update  you  to
21       foo-2.
22
23        yum updateinfo
24        yum updateinfo info
25        yum updateinfo list
26        yum updateinfo summary
27
28       all of the last three take these sub-commands:
29        yum updateinfo * all
30        yum updateinfo * available
31        yum updateinfo * installed
32        yum updateinfo * updates
33
34       and then:
35        * <advisory> [advisory...]
36        * <package>
37        * bugzillas
38        * cves
39        * enhancement
40        * security
41        * new-packages
42
43        * updates Is used to display information about advisories for packages
44       that can be updated. This is the default.
45        * installed Is used to display information only about installed  advi‐
46       sories.
47         * available Is used to display information about advisories for pack‐
48       ages available for updating or installation.
49        * all Is used to display information about both installed  and  avail‐
50       able advisories.
51
52       <advisory> [advisory...]
53              Is used to display information about one or more advisories.
54
55       <package> [package...]
56              Is used to display information about one or more packages.
57
58       list   Is  used  to list all of the relevant errata notice information,
59              from the updateinfo.xml data in yum.  This  includes  bugzillas,
60              CVEs, security updates and new.
61
62       info   Is  used  to  show  all  the errata notice information, from the
63              updateinfo.xml data in yum. This includes bugzillas, CVEs, secu‐
64              rity updates and new.
65
66       summary
67              Is  used  to show the summary of errata notice information, from
68              the updateinfo.xml data in yum. This includes  bugzillas,  CVEs,
69              security updates and new.
70
71       bugzillas / bzs
72              Is  the  subset of the updateinfo information, pertaining to the
73              bugzillas.
74
75       cves   Is the subset of the updateinfo information, pertaining  to  the
76              CVEs.
77
78       security / sec
79              Is the subset of the updateinfo information, pertaining to secu‐
80              rity.
81
82       bugfix Is the subset of the updateinfo information, pertaining to  bug‐
83              fixes.
84
85       enhancement
86              Is  the  subset  of  the  updateinfo  information, pertaining to
87              enhancements.
88
89       recommended
90              Is the subset of the updateinfo information, pertaining to  rec‐
91              ommended updates.
92
93       new-packages
94              Is  the  subset of the updateinfo information, pertaining to new
95              packages. These are packages which weren't available at the ini‐
96              tial release of your distribution.
97

GENERAL OPTIONS

99       There  are  four  options  added to yum that are available in the "list
100       updates", "info updates", "check-update" and  "update"  commands.  They
101       are:
102
103       --advisory
104              This  option includes packages corresponding to the advisory ID,
105              Eg. FEDORA-2201-123.
106
107       --bz   This option includes packages that say they fix a  Bugzilla  ID,
108              Eg. 123.
109
110       --cve  This  option  includes packages that say they fix a CVE - Common
111              Vulnerabilities and Exposures ID  (http://cve.mitre.org/about/),
112              Eg. CVE-2201-0123.
113
114       --bugfixes
115              This option includes packages that say they fix a bugfix issue.
116
117       --security
118              This  option  includes  packages  that  say  they fix a security
119              issue.
120
121       --sec-severity
122              This option includes security relevant packages of the specified
123              severity.
124

EXAMPLES

126       To  list  all updates that are security relevant, and get a return code
127       on whether there are security updates use:
128
129              yum --security check-update
130
131       To upgrade packages that have security errata (upgrades to  the  latest
132       available package) use:
133
134              yum --security update
135
136       To  upgrade  packages  that  have security errata (upgrades to the last
137       security errata package) use:
138
139              yum --security update-minimal
140
141       To install  the  minimal  update  necessary  to  satisfy  the  advisory
142       FEDORA-2707-7654 use:
143
144              yum update-minimal --advisory FEDORA-2707-7654
145
146       To  update  all the packages listed in the advisory FEDORA-2707-7654 to
147       their latest versions use:
148
149              yum update --advisory FEDORA-2707-7654
150
151       To get a list of all BZs that are fixed for packages you have installed
152       use:
153
154              yum updateinfo list bugzillas
155
156       To  get  a list of all security advisories, including the ones you have
157       already installed use:
158
159              yum updateinfo list all security
160
161       To get the information on advisory FEDORA-2707-4567 use:
162
163              yum updateinfo info FEDORA-2707-4567
164
165       To update packages to  the  latest  version  which  contain  fixes  for
166       Bugzillas 123, 456 and 789; and all security updates use:
167
168              yum --bz 123 --bz 456 --bz 789 --security update
169
170       To update to the packages which just update Bugzillas 123, 456 and 789;
171       and all security updates use:
172
173              yum --bz 123 --bz 456 --bz 789 --security update-minimal
174
175       To get an info list of the latest  packages  which  contain  fixes  for
176       Bugzilla  123;  CVEs  CVE-2207-0123 and CVE-2207-3210; and Fedora advi‐
177       sories FEDORA-2707-4567 and FEDORA-2707-7654 use:
178
179              yum --bz 123 --cve CVE-2207-0123 --cve CVE-2207-3210  --advisory
180              FEDORA-2707-4567 --advisory FEDORA-2707-7654 info updates
181
182       To get a list of packages which are "new".
183
184              yum updateinfo list new
185
186       To get a summary of advisories you haven't installed yet use:
187
188              yum updateinfo summary
189
190
191

AUTHORS

198       James Antill <james.antill@redhat.com>.
199
200

BUGS

202       The update-minimal command ignores the --obsoletes flag.
203
204       The  update-minimal command can only directly affect things atm., so if
205       you update pkgA minimally but that requires an update to pkgB then pkgB
206       will  be updated to the newest version by the depsolver. Also the above
207       will happen even if you've also minimally updated pkgB, if  either  the
208       direct (minimal) update for pkgB happens after or if the minimal update
209       for pkgB doesn't satisfy the requirements of pkgA.
210
211       The main "problem" is that if the data is not correct the plugin cannot
212       work  correctly. For instance "--bz 123" will not fix BZ 123 if a pack‐
213       age is updated to fix that BZ without referencing that it  does  so  in
214       the updateinfo.xml.
215
216
217
218James Antill                     12 April 2007                 yum-security(8)