1yum-security(8) yum-security(8)
2
3
4
6 yum security plugin
7
9 yum [options] [command] [package ...]
10
12 This plugin extends yum to allow lists and updates to be limited using
13 security relevant criteria
14
15 added yum commands are:
16 * update-minimal
17
18 This works like the update command, but if you have the the package
19 foo-1 installed and have foo-2 and foo-3 available with updateinfo.xml
20 then update-minimal will update you to foo-3.
21 * info-updateinfo
22 * list-updateinfo
23
24 both of the last two take these sub-commands:
25 * * <advisory> [advisory...]
26 * * bugzillas
27 * * cves
28 * * security
29 * * new-packages
30
31 <advisory> [advisory...]
32 Is used to display information about one or more advisories.
33
34 list-updateinfo, info-updateinfo, summary-updateinfo
35 Is used to list all of the relevant errata notice information,
36 from the updateinfo.xml data in yum. This includes bugzillas,
37 CVEs, security updates and new.
38
39 bugzillas / bzs
40 Is the subset of the updateinfo information, pertaining to the
41 bugzillas.
42
43 cves Is the subset of the updateinfo information, pertaining to the
44 CVEs.
45
46 security / sec
47 Is the subset of the updateinfo information, pertaining to secu‐
48 rity.
49
50 bugfix Is the subset of the updateinfo information, pertaining to bug‐
51 fixes.
52
53 enhancement
54 Is the subset of the updateinfo information, pertaining to
55 enhancements.
56
57 recommended
58 Is the subset of the updateinfo information, pertaining to rec‐
59 ommended updates.
60
61 new-packages
62 Is the subset of the updateinfo information, pertaining to new
63 packages. These are packages which weren't available at the ini‐
64 tial release of your distribution.
65
67 There are four options added to yum that are available in the "list
68 updates", "info updates", "check-update" and "update" commands. They
69 are:
70
71 --advisory
72 This option includes packages coresponding to the advisory ID,
73 Eg. FEDORA-2201-123.
74
75 --bz This option includes packages that say they fix a Bugzilla ID,
76 Eg. 123.
77
78 --cve This option includes packages that say they fix a CVE - Common
79 Vulnerabilities and Exposures ID (http://cve.mitre.org/about/),
80 Eg. CVE-2201-0123.
81
82 --bugfixes
83 This option includes packages that say they fix a bugfix issue.
84
85 --security
86 This option includes packages that say they fix a security
87 issue.
88
90 To list all updates that are security relevant, and get a reutrn code
91 on whether there are security updates use:
92
93 yum --security check-update
94
95 To upgrade packages that have security errata (upgrades to the latest
96 available package) use:
97
98 yum --security update
99
100 To upgrade packages that have security errata (upgrades to the last
101 security errata package) use:
102
103 yum --security update-minimal
104
105 To get a list of all BZs that are fixed for packages you have installed
106 use:
107
108 yum list-updateinfo bugzillas
109
110 To get the information on advisory FEDORA-2707-4567 use:
111
112 yum info-updateinfo FEDORA-2707-4567
113
114 To update packages to the latest version which contain fixes for
115 Bugzillas 123, 456 and 789; and all security updates use:
116
117 yum --bz 123 --bz 456 --bz 789 --security update
118
119 To update to the packages which just update Bugzillas 123, 456 and 789;
120 and all security updates use:
121
122 yum --bz 123 --bz 456 --bz 789 --security update-minimal
123
124 To get an info list of the latest packages which contain fixes for
125 Bugzilla 123; CVEs CVE-2207-0123 and CVE-2207-3210; and Fedora advi‐
126 sories FEDORA-2707-4567 and FEDORA-2707-7654 use:
127
128 yum --bz 123 --cve CVE-2207-0123 --cve CVE-2207-3210 --advisory
129 FEDORA-2707-4567 --advisory FEDORA-2707-7654 info updates
130
131 To get a list of packages which are "new".
132
133 yum list-updateinfo new
134
135
136
138 yum [4m(8)
139 yum.conf [4m(5)
140
141
143 James Antill <james.antill@redhat.com>.
144
145
147 The update-minimal command ignores the --obsoletes flag.
148
149 The update-minimal command can only directly affect things atm., so if
150 you update pkgA minimally but that requires an update to pkgB then pkgB
151 will be updated to the newest version by the depsolver. Also the above
152 will happen even if you've also minimally updated pkgB, if either the
153 direct (minimal) update for pkgB happens after or if the minimal update
154 for pkgB doesn't satisy the requirements of pkgA.
155
156 The main "problem" is that if the data is not correct the plugin cannot
157 work correctly. For instance "--bz 123" will not fix BZ 123 if a pack‐
158 age is updated to fix that BZ without referencing that it does so in
159 the updateinfo.xml.
160
161
162
163James Antill 12 April 2007 yum-security(8)