Re: Update only of security vulnerabilities?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, Apr 8, 2015 at 8:54 AM, Rafał Radecki <radecki.rafal@xxxxxxxxx> wrote:
> Hi All :)
>
> What is the best way to get a list of available security updates?
> I found several commands for that:
> 1) yum updateinfo list updates -q --security
> 2) yum list-security --security -q
> 3) yum --security check-update -q
> Based on the sample output below I think I can use any of the three with
> some awk to get a list of packages.
>
> yum updateinfo list updates -q --security
> FEDORA-EPEL-2014-0525 security libyaml-0.1.5-1.el6.x86_64
> FEDORA-EPEL-2014-0990 security libyaml-0.1.6-1.el6.x86_64
>
> yum list-security --security -q
> FEDORA-EPEL-2014-0525 security libyaml-0.1.5-1.el6.x86_64
> FEDORA-EPEL-2014-0990 security libyaml-0.1.6-1.el6.x86_64
>
> yum --security check-update -q
> libyaml.x86_64                       0.1.3-4.el6_6
> updates
>
> Then I can add this to nagios or cron to get a notification about available
> security updates.
>
> Do you see any advantages/disadvantages in using one of the three choices?

There are disadvantages to anything short of keeping your system
completely up to date with available updates.

> How do you do this kind of task? What can you propose to get a notification
> about available security updates?

Most/all updates within a minor version number will be to fix
something critical.   And the big batches of updates that come at the
minor version releases are only tested together.   While you can
cherry-pick individual package updates to install and in theory they
should run and pull in any other updates that are really needed via
rpm dependencies, you'll end up running a mix of things that no one
else has tried together.

-- 
   Les Mikesell
     lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos





[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux