Bug 234646 - yum plugin for security updates
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: distribution
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: James Antill
Keywords: FutureFeature
Duplicates: 220294
Blocks: 222082
Reported: 2007-03-30 15:17 EDT by Steve Grubb
Modified: 2013-01-10 05:18 EST
Fixed In Version: RHEA-2007-0607
Doc Type: Enhancement
Last Closed: 2007-11-07 11:35:15 EST

Attachments
yum security plugin python file (10.24 KB, text/plain)
2007-04-11 03:49 EDT, James Antill
Description Steve Grubb 2007-03-30 15:17:10 EDT
Description of problem:
We would like to have a yum plugin that could do these:

yum update -y --security
yum update -y --cve X
yum update -y --bz X

Other possibly useful things:

yum update -y --advisory RHSA-2007:0099
yum update -y --advisory 2007:0099

Some way to have yum list give you a list of outstanding CVEs: "show me
what CVEs I'm vulnerable to unless I update"

Comment 2 RHEL Product and Program Management 2007-03-30 15:24:29 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 3 James Antill 2007-04-11 03:49:06 EDT
Created attachment 152255 [details]
yum security plugin python file

This is just the first attempt at the python plugin code. So to install it you
need to set up:

% cat /etc/yum/pluginconf.d/security.conf
% egrep plugin /etc/yum.conf

...and then do...

sudo cp yum-security-plugin.py /usr/lib/yum-plugins/security.py

...I think this is most of what everyone wanted, you can do (using not quite
updated FC-6):

yum --security update
yum --cve CVE-2007-1667 update
yum --bz 235374 --bz 234688 update
yum --advisory FEDORA-2007-420 --advisory FEDORA-2007-346 update

...ditto above with "list updates", "info updates" or check-update. You can also

yum sec-list
yum sec-list bugzillas / yum sec-list bzs
yum sec-list cves

...any more features anyone can think of, please reply soonish (no guarantees

 I'm guessing at this point we'll want to put it in an rpm, and ship it in
FC-7/RHEL-5.1 ? I'll be working on doing that unless someone shouts, also some
minimal documentation would be good I guess :).
Comment 4 James Antill 2007-04-11 10:22:20 EDT
 One minor bug that should probably be fixed in some way for RHEL-5 is that:

yum --bz 1 update

...displays a zero length transaction to the user, IMO this should be fixed in
yum itself ... but I'm open to just whacking it in the plugin itself (although
the UI might not be as nice).

 Also taking out of modified until we know where it's going, etc.
Comment 5 James Antill 2007-04-12 12:51:17 EDT
 I've put the code in an rpm, and added a man page. You can get it from my
people page here:

Comment 6 James Antill 2007-04-19 15:42:37 EDT
*** Bug 220294 has been marked as a duplicate of this bug. ***
Comment 9 James Antill 2007-06-26 16:42:30 EDT
This is going out as part of yum-utils. This new package will require a Release
note. man yum-security gives significant info. The summary is that installing
the yum-security package extends yum to allow lists and updates to be limited
using security-relevant criteria.
Comment 11 James Antill 2007-06-26 19:23:02 EDT
% egrep '^.package' yum-utils.spec
%package -n yum-updateonboot
%package -n yum-changelog
%package -n yum-fastestmirror
%package -n yum-fedorakmod
%package -n yum-protectbase
%package -n yum-versionlock
%package -n yum-tsflags
%package -n yum-kernel-module
%package -n yum-downloadonly
%package -n yum-allowdowngrade
%package -n yum-skip-broken
%package -n yum-priorities
%package -n yum-refresh-updatesd
%package -n yum-merge-conf
%package -n yum-security

...plus yum-utils itself:

% rpm -ql yum-utils              
Comment 13 James Antill 2007-06-26 21:25:36 EDT
 The major feature requested is "I want to apply only security updates, so as to
minimize risk" and that can now be done by installing the yum-security plugin
and doing:

yum update --security

...I believe Steve also has some govt. std. that would like this behaviour.
Comment 14 Don Domingo 2007-06-26 21:39:53 EDT
adding to release notes:

Users can now limit yum to install security updates only. To do so, simply
install the yum-security plugin and run the following command:

yum update --security

please advise if any revisions are required. thanks!
Comment 17 errata-xmlrpc 2007-11-07 11:35:15 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.