Bug 749921

Summary: yum-plugin-security updateinfo.xml contain severity (feature request)
Product: Red Hat Enterprise Linux 6 Reporter: jcpunk
Component: yum-utilsAssignee: James Antill <james.antill>
Status: CLOSED CURRENTRELEASE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.1   
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-11-16 15:34:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description jcpunk 2011-10-28 21:15:29 UTC 
Description of problem:

It would be nice to be able to easily query the security plugin for the severity of a given errata.  I realize its in the title, but scheduling downtime for applications which must be restarted afterwards is easier when I can build an automated query to report which errata are critical and which are less so.  For the critical ones I'd probably be able to schedule a window in the very very near future, for the others I don't have that luxury.  


Version-Release number of selected component (if applicable): 1.1.30-6.el6


How reproducible: always


Steps to Reproduce:
1. yum list-sec
2. look for Critical (or use grep)
3. wish this was able to be contained in the updateinfo.xml so that my way of rating vulnerabilities doesn't depend on you never changing the formatting of the title.
  
Actual results:
A weird hack for determining importance of updates.

Expected results:
A more elegant way of knowing how severe a security update is

Additional info:
  In fedora this doesn't bother me so much as that is never on my servers, but with yum-plugin-security being such a great tool. I'd love to leverage it some more for manager friendly reporting.
Comment 2 RHEL Program Management 2011-11-01 05:47:51 UTC 
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 3 James Antill 2011-11-16 15:34:23 UTC 
The latest version of the security plugin has --sec-severity option. This should already be fixed/available in the version you have.

Also note that there is a:

yum updateinfo

...command, see the man page.