1yum-security(8)                                                yum-security(8)
2
3
4

NAME

6       yum security plugin
7

SYNOPSIS

9       yum [options] [command] [package ...]
10

DESCRIPTION

12       This  plugin extends yum to allow lists and updates to be limited using
13       security relevant criteria
14
15       added yum commands are:
16        * update-minimal
17
18       This works like the update command, but if you  have  the  the  package
19       foo-1  installed and have foo-2 and foo-3 available with updateinfo.xml
20       then update-minimal will update you to foo-3.
21        * info-updateinfo
22        * list-updateinfo
23
24       both of the last two take these sub-commands:
25        * * <advisory> [advisory...]
26        * * bugzillas
27        * * cves
28        * * security
29        * * new-packages
30
31       <advisory> [advisory...]
32              Is used to display information about one or more advisories.
33
34       list-updateinfo, info-updateinfo, summary-updateinfo
35              Is used to list all of the relevant errata  notice  information,
36              from  the  updateinfo.xml  data in yum. This includes bugzillas,
37              CVEs, security updates and new.
38
39       bugzillas / bzs
40              Is the subset of the updateinfo information, pertaining  to  the
41              bugzillas.
42
43       cves   Is  the  subset of the updateinfo information, pertaining to the
44              CVEs.
45
46       security / sec
47              Is the subset of the updateinfo information, pertaining to secu‐
48              rity.
49
50       bugfix Is  the subset of the updateinfo information, pertaining to bug‐
51              fixes.
52
53       enhancement
54              Is the subset  of  the  updateinfo  information,  pertaining  to
55              enhancements.
56
57       recommended
58              Is  the subset of the updateinfo information, pertaining to rec‐
59              ommended updates.
60
61       new-packages
62              Is the subset of the updateinfo information, pertaining  to  new
63              packages. These are packages which weren't available at the ini‐
64              tial release of your distribution.
65

GENERAL OPTIONS

67       There are four options added to yum that are  available  in  the  "list
68       updates",  "info  updates",  "check-update" and "update" commands. They
69       are:
70
71       --advisory
72              This option includes packages coresponding to the  advisory  ID,
73              Eg. FEDORA-2201-123.
74
75       --bz   This  option  includes packages that say they fix a Bugzilla ID,
76              Eg. 123.
77
78       --cve  This option includes packages that say they fix a CVE  -  Common
79              Vulnerabilities  and Exposures ID (http://cve.mitre.org/about/),
80              Eg. CVE-2201-0123.
81
82       --bugfixes
83              This option includes packages that say they fix a bugfix issue.
84
85       --security
86              This option includes packages  that  say  they  fix  a  security
87              issue.
88

EXAMPLES

90       To  list  all updates that are security relevant, and get a reutrn code
91       on whether there are security updates use:
92
93              yum --security check-update
94
95       To upgrade packages that have security errata (upgrades to  the  latest
96       available package) use:
97
98              yum --security update
99
100       To  upgrade  packages  that  have security errata (upgrades to the last
101       security errata package) use:
102
103              yum --security update-minimal
104
105       To get a list of all BZs that are fixed for packages you have installed
106       use:
107
108              yum list-updateinfo bugzillas
109
110       To get the information on advisory FEDORA-2707-4567 use:
111
112              yum info-updateinfo FEDORA-2707-4567
113
114       To  update  packages  to  the  latest  version  which contain fixes for
115       Bugzillas 123, 456 and 789; and all security updates use:
116
117              yum --bz 123 --bz 456 --bz 789 --security update
118
119       To update to the packages which just update Bugzillas 123, 456 and 789;
120       and all security updates use:
121
122              yum --bz 123 --bz 456 --bz 789 --security update-minimal
123
124       To  get  an  info  list  of the latest packages which contain fixes for
125       Bugzilla 123; CVEs CVE-2207-0123 and CVE-2207-3210;  and  Fedora  advi‐
126       sories FEDORA-2707-4567 and FEDORA-2707-7654 use:
127
128              yum  --bz 123 --cve CVE-2207-0123 --cve CVE-2207-3210 --advisory
129              FEDORA-2707-4567 --advisory FEDORA-2707-7654 info updates
130
131       To get a list of packages which are "new".
132
133              yum list-updateinfo new
134
135
136

SEE ALSO

138       yum (8)
139       yum.conf (5)
140
141

AUTHORS

143       James Antill <james.antill@redhat.com>.
144
145

BUGS

147       The update-minimal command ignores the --obsoletes flag.
148
149       The update-minimal command can only directly affect things atm., so  if
150       you update pkgA minimally but that requires an update to pkgB then pkgB
151       will be updated to the newest version by the depsolver. Also the  above
152       will  happen  even if you've also minimally updated pkgB, if either the
153       direct (minimal) update for pkgB happens after or if the minimal update
154       for pkgB doesn't satisy the requirements of pkgA.
155
156       The main "problem" is that if the data is not correct the plugin cannot
157       work correctly. For instance "--bz 123" will not fix BZ 123 if a  pack‐
158       age  is  updated  to fix that BZ without referencing that it does so in
159       the updateinfo.xml.
160
161
162
163James Antill                     12 April 2007                 yum-security(8)
Impressum