RHEL/CentOS:yum列出/仅安装安全更新
时间:2020-01-09 10:43:10 来源:igfitidea点击:
如何仅列出或者安装RHEL 5.x或者CentOS Linux服务器下的安全更新?
如何找到每个补丁的安全更新描述,例如CVE,错误,发布日期和类型?
您可以使用yum-security插件轻松找到与安全补丁相关的信息。
该插件将选项security,cve,bz和advisory标志添加到yum以及list-security和info-security命令。
这些选项可以将软件包的列表/升级限制为特定于安全性的软件包。
这些命令为您提供安全信息。
安装插件
执行以下命令:
# yum install yum-security
如何显示可用的安全更新?
执行以下命令:
# yum list-security
输出示例:
Loaded plugins: rhnplugin, security RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64 RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386 RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64 RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64 list-security done
要列出所有与安全性相关的更新,并获取有关是否存在安全性更新的代码,请使用:
# yum --security check-update
要获取已安装软件包固定的所有BZ的列表,请使用:
# yum list-security bugzillas
要获取有关RHSA-2009:1148-1咨询的信息,请使用:
# yum info-security RHSA-2009:1148-1
输出示例:
Loaded plugins: rhnplugin, security
===============================================================================
RHSA-2009:1148
===============================================================================
Update ID : RHSA-2009:1148-1
Release :
Type : security
Status : final
Issued : 2009-07-08 23:00:00
Bugs : 509125 - None
: 509375 - None
CVEs : CVE-2009-1890
: CVE-2009-1891
Description : Important: httpd security update \The Apache HTTP Server is a
: popular Web server. A denial of service flaw was
: found in the Apache mod_proxy module when it was
: used as a reverse proxy. A remote attacker could
: use this flaw to force a proxy process to consume
: large amounts of CPU time. (CVE-2009-1890) A
: denial of service flaw was found in the Apache
: mod_deflate module. This module continued to
: compress large files until compression was
: complete, even if the network connection that
: requested the content was closed before
: compression completed. This would cause
: mod_deflate to consume large amounts of CPU if
: mod_deflate was enabled for a large file.
: (CVE-2009-1891) All httpd users should upgrade to
: these updated packages, which contain backported
: patches to correct these issues. After installing
: the updated packages, the httpd daemon must be
: restarted for the update to take effect.
Files : mod_ssl-2.2.3-22.el5_3.2.x86_64.rpm
: httpd-devel-2.2.3-22.el5_3.2.i386.rpm
: httpd-2.2.3-22.el5_3.2.x86_64.rpm
: httpd-devel-2.2.3-22.el5_3.2.x86_64.rpm
: httpd-manual-2.2.3-22.el5_3.2.x86_64.rpm
: mod_ssl-2.2.3-22.el5_3.2.i386.rpm
: httpd-2.2.3-22.el5_3.2.i386.rpm
: httpd-manual-2.2.3-22.el5_3.2.i386.rpm
info-security done
获取包含Bugzilla 3595修复程序的最新软件包的信息列表; CVE CVE-2009-1890和通报RHSA-2009:1148-1,使用:
# yum --bz 3595 --cve CVE-2009-1890 --advisory RHSA-2009:1148-1 info updates
如何仅安装所有安全更新?
执行以下命令以下载并安装所有可用的安全更新:
# yum update --security
