I have been searching around on the net and on StackExchange as well, and found out that yum-plugin-security, although it can be installed, is actually not functioning for CentOS-base repositories, going back to 2013 and 2014. Referring to this and this.
I have tested again myself with my CentOS 6.6 and found that, as of 2016 now, yum-plugin-security is still not functioning. This can be tested using the latest, hottest issue, the DROWN attack on openssl.
First get the version of openssl installed:

    4977-20[13:59:19 root@lye-vm ~]# rpm -qa openssl
    openssl-1.0.1e-30.el6_6.5.x86_64

Then find any updates available for openssl:

    4978-21[14:09:37 root@lye-vm ~]# yum list updates openssl*
    Loaded plugins: security
    Updated Packages
    openssl.x86_64    1.0.1e-42.el6_7.4    updates

Ok, so there is one. Then find it with

    4979-22[14:09:42 root@lye-vm ~]# yum updateinfo list security
    Loaded plugins: security
    updateinfo list done
    4980-23[14:09:46 root@lye-vm ~]#

So there is none shown by 'updateinfo'. (If using yum --security check-update, it will list out all updates available, which is not functioning so well.)
I wish to know: is it true there is NO WAY we can get the security updates by using yum commands? Or is there a way and I did something wrong?
My purpose is to only update CentOS with security-related updates. At the moment what I can do is manually subscribe to the CentOS-announce mailing list and look for those threads with the keyword Security Update, such as this for the openssl DROWN attack.
Just use the

    # yum --security update
    Loaded plugins: etckeeper, fastestmirror, security
    Setting up Update Process
    Loading mirror speeds from cached hostfile
     * base: mirror.cs.pitt.edu
     * epel: mirror.us.leaseweb.net
     * extras: mirror.dattobackup.com
     * updates: mirror.cogentco.com
    Resolving Dependencies
    Limiting packages to security relevant ones
    No packages needed for security; 1 packages available

But keep in mind that:
- CentOS repos do not tag any updates as security updates.
- If you use third party repos, they might not tag all of their security updates as such.
So you may need to apply additional updates.
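
Because the CentOS repositories carry no security tags, the manual workaround described in the question (watching CentOS-announce for "Security Update" threads) can be scripted. The following is an added example, not part of the original question or answer: it intersects announced security updates with the packages yum reports as pending. The function names, the advisory IDs and the sample data are constructed, and the subject-line layout `... CentOS <major> <package> Security Update` is an assumption about the list's format.

```shell
#!/bin/sh
# Constructed sample: subject lines in the assumed CentOS-announce style.
# The advisory IDs are placeholders, not real CESA/CEBA numbers.
ANNOUNCE_SAMPLE='[CentOS-announce] CESA-0000:0001 Important CentOS 6 openssl Security Update
[CentOS-announce] CEBA-0000:0002 CentOS 6 tzdata BugFix Update
[CentOS-announce] CESA-0000:0003 Moderate CentOS 7 bind Security Update
[CentOS-announce] CESA-0000:0004 Critical CentOS 6 nss Security Update'

# Constructed sample of `yum list updates` output (openssl line as in the question).
UPDATES_SAMPLE='Loaded plugins: security
Updated Packages
openssl.x86_64    1.0.1e-42.el6_7.4    updates
tzdata.noarch     2016a-2.el6          updates'

# stdin: announce subject lines; $1: CentOS major version.
# stdout: package names announced as "Security Update" for that version.
announced_security_pkgs() {
    awk -v major="$1" '
        /Security Update[ \t\r]*$/ {
            for (i = 1; i < NF; i++)
                if ($i == "CentOS" && $(i + 1) == major) { print $(i + 2); break }
        }' | sort -u
}

# stdin: `yum list updates` output; stdout: pending package names without arch.
pending_pkgs() {
    awk 'NF >= 3 && $1 ~ /\.[a-z0-9_]+$/ { sub(/\.[^.]+$/, "", $1); print $1 }' | sort -u
}

# $1: major version, $2: announce subjects, $3: `yum list updates` output.
# Prints packages that are both pending and announced as security updates.
# Limitation: exact name match only, so sub-packages built from the same
# source (for example a -devel package) are not matched.
security_update_candidates() {
    wanted=$(printf '%s\n' "$2" | announced_security_pkgs "$1")
    [ -n "$wanted" ] || return 0
    printf '%s\n' "$3" | pending_pkgs | grep -Fx -e "$wanted" || true
}

# Demo on the constructed samples: tzdata is pending but only a bug fix,
# nss is announced but not pending, so only openssl remains.
security_update_candidates 6 "$ANNOUNCE_SAMPLE" "$UPDATES_SAMPLE"
```

On a real host the third argument would be `"$(yum -q list updates)"` and the second the saved subject lines; the printed names can then be passed to `yum update`.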
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.