1yum-security(8) yum-security(8)
2
3
4
6 yum security plugin
7
9 yum [options] [command] [package ...]
10
12 This plugin extends yum to allow lists and updates to be limited using
13 security relevant criteria
14
15 added yum commands are:
16 * info-sec
17 * list-sec
18
19 both of which take these sub-commandss are:
20 * * <advisory> [advisory...]
21 * * bugzillas
22 * * cves
23 * * security
24
25 <advisory> [advisory...]
26 Is used to display information about one or more advisories.
27
28 list-sec
29 Is used to list all of the relevant security information, from
30 the updateinfo.xml data in yum. This includes bugzillas, CVEs
31 and security updates.
32
33 bugzillas / bzs
34 Is the subset of the security information, pertaining to the
35 bugzillas.
36
37 cves Is the subset of the security information, pertaining to the
38 CVEs.
39
40 security / sec
41 Is the subset of the security information, pertaining to secu‐
42 rity.
43
45 There are four options added to yum that are available in the "list
46 updates", "info updates", "check-update" and "update" commands. They
47 are:
48
49 --advisory
50 This option includes packages coresponding to the advisory ID,
51 Eg. FEDORA-2201-123.
52
53 --bz This option includes packages that say they fix a Bugzilla ID,
54 Eg. 123.
55
56 --cve This option includes packages that say they fix a CVE - Common
57 Vulnerabilities and Exposures ID (http://cve.mitre.org/about/),
58 Eg. CVE-2201-0123.
59
60 --security
61 This option includes packages that say they fix a security
62 issue.
63
65 To list all updates that are security relevant, and get a reutrn code
66 on whether there are security updates use:
67
68 yum --security check-update
69
70 To apply updates that are security relevant use:
71
72 yum --security update
73
74 To get a list of all BZs that are fixed for packages you have installed
75 use:
76
77 yum list-sec bugzillas
78
79 To get the information on advisory FEDORA-2707-4567 use:
80
81 yum info-sec FEDORA-2707-4567
82
83 To apply updates for Bugzillas 123, 456 and 789; and all security
84 updates use:
85
86 yum --bz 123 --bz 456 --bz 789 --security update
87
88 To get an info list of updates for Bugzilla 123; CVEs CVE-2207-0123 and
89 CVE-2207-3210; and Fedora advisories FEDORA-2707-4567 and
90 FEDORA-2707-7654 use:
91
92 yum --bz 123 --cve CVE-2207-0123 --cve CVE-2207-3210 --advisory
93 FEDORA-2707-4567 --advisory FEDORA-2707-7654 info updates
94
95
96
98 yum [4m(8)
99 yum.conf [4m(5)
100
101
103 James Antill <james.antill@redhat.com>.
104
105
107 Currently yum.conf comes as default without plugins enabled, so just
108 installing the yum security plugin will do nothing. There are detailed
109 instructions on enabling plugins in the yum man page, however just
110 putting "plugins=1" in yum.conf should just work.
111
112 The main "problem" is that if the data is not correct the plugin cannot
113 work correctly. For instance "--bz 123" will not fix BZ 123 if a pack‐
114 age is updated to fix that BZ without referencing that it does so in
115 the updateinfo.xml.
116
117
118
119James Antill 2007 Apr 12 yum-security(8)