Rechercher une page de manuel
yum-security
Langue: en
Version: 12 April 2007 (MeeGo - 06/11/10)
Section: 8 (Commandes administrateur)
NAME
yum security pluginSYNOPSIS
yum [options] [command] [package ...]DESCRIPTION
This plugin extends yum to allow lists and updates to be limited using security relevant criteria
added yum commands are:
* update-minimal
This works like the update command, but if you have the the package foo-1 installed and have foo-2 and foo-3 available with updateinfo.xml then update-minimal will update you to foo-3.
* info-updateinfo
* list-updateinfo
both of the last two take these sub-commands:
* * <advisory> [advisory...]
* * bugzillas
* * cves
* * security
* * new-packages
- <advisory> [advisory...]
- Is used to display information about one or more advisories.
- list-updateinfo, info-updateinfo, summary-updateinfo
- Is used to list all of the relevant errata notice information, from the updateinfo.xml data in yum. This includes bugzillas, CVEs, security updates and new.
- bugzillas / bzs
- Is the subset of the updateinfo information, pertaining to the bugzillas.
- cves
- Is the subset of the updateinfo information, pertaining to the CVEs.
- security / sec
- Is the subset of the updateinfo information, pertaining to security.
- bugfix
- Is the subset of the updateinfo information, pertaining to bugfixes.
- enhancement
- Is the subset of the updateinfo information, pertaining to enhancements.
- recommended
- Is the subset of the updateinfo information, pertaining to recommended updates.
- new-packages
- Is the subset of the updateinfo information, pertaining to new packages. These are packages which weren't available at the initial release of your distribution.
GENERAL OPTIONS
There are four options added to yum that are available in the "list updates", "info updates", "check-update" and "update" commands. They are:- --advisory
- This option includes packages coresponding to the advisory ID, Eg. FEDORA-2201-123.
- --bz
- This option includes packages that say they fix a Bugzilla ID, Eg. 123.
- --cve
- This option includes packages that say they fix a CVE - Common Vulnerabilities and Exposures ID (http://cve.mitre.org/about/), Eg. CVE-2201-0123.
- --bugfixes
- This option includes packages that say they fix a bugfix issue.
- --security
- This option includes packages that say they fix a security issue.
EXAMPLES
To list all updates that are security relevant, and get a reutrn code on whether there are security updates use:
- yum --security check-update
To upgrade packages that have security errata (upgrades to the latest available package) use:
- yum --security update
To upgrade packages that have security errata (upgrades to the last security errata package) use:
- yum --security update-minimal
To get a list of all BZs that are fixed for packages you have installed use:
- yum list-updateinfo bugzillas
To get the information on advisory FEDORA-2707-4567 use:
- yum info-updateinfo FEDORA-2707-4567
To update packages to the latest version which contain fixes for Bugzillas 123, 456 and 789; and all security updates use:
- yum --bz 123 --bz 456 --bz 789 --security update
To update to the packages which just update Bugzillas 123, 456 and 789; and all security updates use:
- yum --bz 123 --bz 456 --bz 789 --security update-minimal
To get an info list of the latest packages which contain fixes for Bugzilla 123; CVEs CVE-2207-0123 and CVE-2207-3210; and Fedora advisories FEDORA-2707-4567 and FEDORA-2707-7654 use:
- yum --bz 123 --cve CVE-2207-0123 --cve CVE-2207-3210 --advisory FEDORA-2707-4567 --advisory FEDORA-2707-7654 info updates
To get a list of packages which are "new".
- yum list-updateinfo new
SEE ALSO
yum (8) yum.conf (5)
AUTHORS
James Antill <james.antill@redhat.com>.
BUGS
The update-minimal command ignores the --obsoletes flag.The update-minimal command can only directly affect things atm., so if you update pkgA minimally but that requires an update to pkgB then pkgB will be updated to the newest version by the depsolver. Also the above will happen even if you've also minimally updated pkgB, if either the direct (minimal) update for pkgB happens after or if the minimal update for pkgB doesn't satisy the requirements of pkgA.
The main "problem" is that if the data is not correct the plugin cannot work correctly. For instance "--bz 123" will not fix BZ 123 if a package is updated to fix that BZ without referencing that it does so in the updateinfo.xml.
Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre