Four ways to install security updates on Red Hat (RHEL) & CentOS systems

Patching Linux servers is one of the important, routine tasks of a Linux admin.

Keeping the system at the latest patch level is a must. It protects your system against avoidable attacks.

There are three kinds of errata available in the RHEL/CentOS repositories: Security, Bug Fix and Product Enhancement.

We have two options: install only the security updates, or install all errata packages.

We have already written an article on how to check the available security updates.

Another article covers ways to check the security updates already installed on your system.

You can follow the above links if you would like to verify the available security updates before installing them.

In this article, we will show you multiple ways to install security updates on RHEL and CentOS systems.

1) How to install entire errata updates on Red Hat and CentOS systems?

Run the following command to download and apply all available security updates on your system.

Note: This command installs the latest available version of any package that has at least one security erratum.

It also installs non-security errata if they provide a more recent version of the package.

# yum update --security

Loaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify, versionlock
RHEL7-Server-DVD                                                                                                                              | 4.3 kB  00:00:00
rhel-7-server-rpms                                                                                                                            | 2.0 kB  00:00:00
--> 1:grub2-tools-extra-2.02-0.76.el7.1.x86_64 from rhel-7-server-rpms removed (updateinfo)
--> nss-pem-1.0.3-5.el7_6.1.x86_64 from rhel-7-server-rpms removed (updateinfo)
.
35 package(s) needed (+0 related) for security, out of 115 available
Resolving Dependencies
--> Running transaction check
---> Package NetworkManager.x86_64 1:1.12.0-6.el7 will be updated
---> Package NetworkManager.x86_64 1:1.12.0-10.el7_6 will be an update

Once you run the above command, it checks all available updates and whether their dependencies can be satisfied.

--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel.x86_64 0:3.10.0-514.26.1.el7 will be erased
---> Package kernel-devel.x86_64 0:3.10.0-514.26.1.el7 will be erased
--> Finished Dependency Resolution

Dependencies Resolved
=====================================================================================================================================================================
Package                                          Arch                       Version                                   Repository                               Size
=====================================================================================================================================================================
Installing:
kernel                                           x86_64                     3.10.0-957.10.1.el7                       rhel-7-server-rpms                       48 M
kernel-devel                                     x86_64                     3.10.0-957.10.1.el7                       rhel-7-server-rpms                       17 M
Updating:
NetworkManager                                   x86_64                     1:1.12.0-10.el7_6                         rhel-7-server-rpms                      1.7 M
NetworkManager-adsl                              x86_64                     1:1.12.0-10.el7_6                         rhel-7-server-rpms                      157 k
.
Removing:
kernel                                           x86_64                     3.10.0-514.26.1.el7                       @rhel-7-server-rpms                     148 M
kernel-devel                                     x86_64                     3.10.0-514.26.1.el7                       @rhel-7-server-rpms                      34 M

If the dependencies are satisfied, yum finally gives you a total summary of the transaction.

The transaction summary shows how many packages will be installed, upgraded and removed from the system.

Transaction Summary
=====================================================================================================================================================================
Install   2 Packages
Upgrade  33 Packages
Remove    2 Packages

Total download size: 124 M
Is this ok [y/d/N]:

2) How to install only security updates on Red Hat and CentOS systems?

Run the following command to install only the packages that have a security errata.

# yum update-minimal --security

Loaded plugins: changelog, package_upload, product-id, search-disabled-repos, subscription-manager, verify, versionlock
rhel-7-server-rpms                                                                                                                            | 2.0 kB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package NetworkManager.x86_64 1:1.12.0-6.el7 will be updated
---> Package NetworkManager.x86_64 1:1.12.0-8.el7_6 will be an update
.
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel.x86_64 0:3.10.0-514.26.1.el7 will be erased
---> Package kernel-devel.x86_64 0:3.10.0-514.26.1.el7 will be erased
--> Finished Dependency Resolution

Dependencies Resolved
=====================================================================================================================================================================
Package                                          Arch                       Version                                   Repository                               Size
=====================================================================================================================================================================
Installing:
kernel                                           x86_64                     3.10.0-957.10.1.el7                       rhel-7-server-rpms                       48 M
kernel-devel                                     x86_64                     3.10.0-957.10.1.el7                       rhel-7-server-rpms                       17 M
Updating:
NetworkManager                                   x86_64                     1:1.12.0-8.el7_6                          rhel-7-server-rpms                      1.7 M
NetworkManager-adsl                              x86_64                     1:1.12.0-8.el7_6                          rhel-7-server-rpms                      157 k
.
Removing:
kernel                                           x86_64                     3.10.0-514.26.1.el7                       @rhel-7-server-rpms                     148 M
kernel-devel                                     x86_64                     3.10.0-514.26.1.el7                       @rhel-7-server-rpms                      34 M

Transaction Summary
=====================================================================================================================================================================
Install   2 Packages
Upgrade  33 Packages
Remove    2 Packages

Total download size: 124 M
Is this ok [y/d/N]:
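
The difference between the two commands shows in the NetworkManager rows above: `yum update --security` selects 1:1.12.0-10.el7_6, while `yum update-minimal --security` stops at 1:1.12.0-8.el7_6. The script below is an added example, not part of the original article: it compares two saved transaction plans and lists every package that the full update takes to a different version than the minimal one. The function names, file names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Save each plan without applying it, e.g.
#   yum --assumeno update --security         > full.txt
#   yum --assumeno update-minimal --security > minimal.txt

# beyond_minimal FULL MINIMAL
# Prints one line per package that FULL installs or updates to a different
# version than MINIMAL, reading yum's "Dependencies Resolved" table.
beyond_minimal() {
  awk '
    FNR == 1 { want = 0; held = ""; file++ }
    # Section headings switch row collection on or off.
    /^ *(Installing|Updating)( for dependencies)?:/ { want = 1; held = ""; next }
    /^ *(Removing|Transaction Summary)/             { want = 0; next }
    !want { next }
    # yum wraps a long package name onto its own line; rejoin it with the rest.
    NF == 1    { held = $1; next }
    held != "" { $0 = held " " $0; held = "" }
    # A complete row is: name arch version repository size unit.
    NF != 6    { next }
    file == 1  { full[$1 "." $2] = $3; next }
    ($1 "." $2) in full && full[$1 "." $2] != $3 {
      printf "%s minimal=%s full=%s\n", $1 "." $2, $3, full[$1 "." $2]
    }
  ' "$1" "$2"
}

# write_samples DIR: constructed plans based on the rows shown in the article.
write_samples() {
  cat > "$1/full.txt" <<'EOF'
Installing:
 kernel               x86_64  3.10.0-957.10.1.el7  rhel-7-server-rpms    48 M
Updating:
 NetworkManager       x86_64  1:1.12.0-10.el7_6    rhel-7-server-rpms   1.7 M
 NetworkManager-adsl  x86_64  1:1.12.0-10.el7_6    rhel-7-server-rpms   157 k
Removing:
 kernel               x86_64  3.10.0-514.26.1.el7  @rhel-7-server-rpms  148 M
EOF
  # The minimal plan differs only in the NetworkManager release it selects.
  sed 's/0-10\.el7_6/0-8.el7_6/' "$1/full.txt" > "$1/minimal.txt"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
beyond_minimal "$demo_dir/full.txt" "$demo_dir/minimal.txt"
rm -rf "$demo_dir"
```

Packages listed by the script are the ones where the full update pulls in bug-fix or enhancement errata on top of the security fix, which is the part of the change worth reviewing before choosing between the two commands.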

3) How to install a security update using a CVE reference on Red Hat and CentOS systems?

If you would like to install a security update using a CVE reference, run the following command.

# yum update --cve <CVE-ID>

# yum update --cve CVE-2008-0947

4) How to install a security update using a specific advisory on Red Hat and CentOS systems?

Run the following command if you want to apply only a specific advisory.

# yum update --advisory=<ADVISORY-ID>

# yum update --advisory=RHSA-2014:0159

About Magesh Maruthamuthu

Love to play with all Linux distributions
