yum-security

Section: (8)
Updated: 2007 Apr 12
Index Return to Main Contents
 

NAME

yum security plugin  

SYNOPSIS

yum [options] [command] [package ...]  

DESCRIPTION

This plugin extends yum to allow lists and updates to be limited using security relevant criteria

added yum commands are:
* info-sec
* list-sec

both of which take these sub-commandss are:
* * <advisory> [advisory...]
* * bugzillas
* * cves
* * security

<advisory> [advisory...]
Is used to display information about one or more advisories.

list-sec
Is used to list all of the relevant security information, from the updateinfo.xml data in yum. This includes bugzillas, CVEs and security updates.
bugzillas / bzs
Is the subset of the security information, pertaining to the bugzillas.
cves
Is the subset of the security information, pertaining to the CVEs.
security / sec
Is the subset of the security information, pertaining to security.

 

GENERAL OPTIONS

There are four options added to yum that are available in the "list updates", "info updates", "check-update" and "update" commands. They are:

--advisory
This option includes packages coresponding to the advisory ID, Eg. FEDORA-2201-123.
--bz
This option includes packages that say they fix a Bugzilla ID, Eg. 123.
--cve
This option includes packages that say they fix a CVE - Common Vulnerabilities and Exposures ID (http://cve.mitre.org/about/), Eg. CVE-2201-0123.
--security
This option includes packages that say they fix a security issue.

 

EXAMPLES

To list all updates that are security relevant, and get a reutrn code on whether there are security updates use:

yum --security check-update

To apply updates that are security relevant use:

yum --security update

To get a list of all BZs that are fixed for packages you have installed use:

yum list-sec bugzillas

To get the information on advisory FEDORA-2707-4567 use:

yum info-sec FEDORA-2707-4567

To apply updates for Bugzillas 123, 456 and 789; and all security updates use:

yum --bz 123 --bz 456 --bz 789 --security update

To get an info list of updates for Bugzilla 123; CVEs CVE-2207-0123 and CVE-2207-3210; and Fedora advisories FEDORA-2707-4567 and FEDORA-2707-7654 use:

yum --bz 123 --cve CVE-2207-0123 --cve CVE-2207-3210 --advisory FEDORA-2707-4567 --advisory FEDORA-2707-7654 info updates

 

SEE ALSO

yum (8)
yum.conf (5)

 

AUTHORS

James Antill <james.antill@redhat.com>.

 

BUGS

Currently yum.conf comes as default without plugins enabled, so just installing the yum security plugin will do nothing. There are detailed instructions on enabling plugins in the yum man page, however just putting "plugins=1" in yum.conf should just work.

The main "problem" is that if the data is not correct the plugin cannot work correctly. For instance "--bz 123" will not fix BZ 123 if a package is updated to fix that BZ without referencing that it does so in the updateinfo.xml.


 

Index

NAME
SYNOPSIS
DESCRIPTION
GENERAL OPTIONS
EXAMPLES
SEE ALSO
AUTHORS
BUGS

linux.jgfs.net manual pages