You can collectively (or selectively) apply OS security updates using the yum command.
Accessing the RPM packages using the distribution website
- Specify the repository to
which the yum command will connect.
- For Red Hat Enterprise Linux, register the system by using Red Hat Subscription Management. For details, see https://access.redhat.com/articles/11258.
- For Oracle Linux, the initial settings are set by default (the file repo is already located in the directory /etc/yum.repos.d). For details, see http://yum.oracle.com/getting-started.html.
- If you are using a proxy,
specify the proxy for the yum command:
- Add the following
information to the /etc/yum.conf file:
proxy=http://host-name:port-number proxy_username=user-name proxy_password=password
- Clear the cache for
the yum command.
yum clean all
- Add the following
information to the /etc/yum.conf file:
Using the yum command
To update all packages for which security-related errata are available (including packages with bug fixes or new features without security errata):
yum --security --exclude kernel* --exclude *podman* --exclude *containers-common* upgrade
To update all packages for which security-related errata are available (ignoring any newer packages without security errata):
yum --security --exclude kernel* --exclude *podman* --exclude *containers-common* upgrade-minimal
To update all kernel and podman packages to the latest supported versions that contain security errata, follow these examples.
For Red Hat kernel (must specify supported kernel version):
yum --security upgrade-minimal kernel-4.18.0-305.*
For Unbreakable Enterprise kernel (must specify supported uek kernel version):
yum --security upgrade-minimal kernel-uek-5.4.17-2102.*
For podman (must specify supported podman version):
yum --security upgrade-minimal podman-3.3.*
You can also update only those packages that correspond to a CVE or erratum, as in the following examples:
yum --cve CVE-2021-37576 upgrade-minimal
For Red Hat Enterprise Linux:
yum --advisory RHSA-2021:4056 upgrade-minimal
For Oracle Linux:
yum --advisory ELSA-2021-9474 upgrade-minimal