• yum search libstd++ - search for specific package
  • yum provides libstdc++.so5 - find which package this file belongs to
  • yum install libstdc++…..rpm - install the package
  • yum clean all - to re-read the repository
  • yum list available –showduplicates puppet - list all versions of a package (puppet in this case) available

Yum also has some utilities available. These can be installed as follows:

 root@server $ yum install yum-utils

One use of this is to tidy up old kernel entries

root@server $ rpm -q kernel

 root@machine $ package-cleanup --oldkernels --count=2

The package-cleanup command will delete the old kernel packages leaving just the last 2. Useful if /boot is getting a bit filled up.

You can use yum to check for critical security updates as follows. For RHEL 6 , need to check yum-security-plugin is installed (for RHEL 7 it has been incorporated into yum)

 #rpm -qa | grep yum-plugin-security

Check for critical security updates

 #yum --security --sec-severity=Critical check-update
 Loaded plugins: package_upload, product-id, security, subscription-manager
 This system is receiving updates from Red Hat Subscription Management.
 rhel-6-server-rpms                                                                                       | 2.0 kB     00:00
 rhel-6-server-rpms/primary                                                                               |  29 MB     00:00
 rhel-6-server-rpms                                                                                                  18431/18431
 Limiting package lists to security relevant ones
 rhel-6-server-rpms/updateinfo                                                                            | 3.3 MB     00:00
 23 package(s) needed for security, out of 585 available<br>
 glibc.i686                                                  2.12-1.192.el6                       rhel-6-server-rpms
 glibc.x86_64                                                2.12-1.192.el6                       rhel-6-server-rpms
 glibc-common.x86_64                                         2.12-1.192.el6                       rhel-6-server-rpms
 glibc-devel.x86_64                                          2.12-1.192.el6                       rhel-6-server-rpms
 glibc-headers.x86_64                                        2.12-1.192.el6                       rhel-6-server-rpms
 java-1.6.0-openjdk.x86_64                                   1:           rhel-6-server-rpms
 java-1.7.0-openjdk.x86_64                                   1:            rhel-6-server-rpms
 libsmbclient.x86_64                                         3.6.23-36.el6_8                      rhel-6-server-rpms
 nscd.x86_64                                                 2.12-1.192.el6                       rhel-6-server-rpms
 nspr.x86_64                                                 4.11.0-1.el6                         rhel-6-server-rpms
 nss.x86_64                                                  3.21.3-2.el6_8                       rhel-6-server-rpms
 nss-sysinit.x86_64                                          3.21.3-2.el6_8                       rhel-6-server-rpms
 nss-tools.x86_64                                            3.21.3-2.el6_8                       rhel-6-server-rpms
 nss-util.x86_64                                             3.21.3-1.el6_8                       rhel-6-server-rpms
 ruby.x86_64                                                           rhel-6-server-rpms
 ruby-libs.x86_64                                                      rhel-6-server-rpms
 samba.x86_64                                                3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-client.x86_64                                         3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-common.x86_64                                         3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-winbind.x86_64                                        3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-winbind-clients.x86_64                                3.6.23-36.el6_8                      rhel-6-server-rpms
 samba4-libs.x86_64                                          4.2.10-7.el6_8                       rhel-6-server-rpms
 xulrunner.x86_64                                            17.0.10-1.el6_4                      rhel-6-server-rpms

And to apply these security updates

 yum --security --sec-severity=Critical,Important update

To find the advisory references

 # yum --sec-severity=Critical updateinfo list
 Loaded plugins: package_upload, product-id, security, subscription-manager
 This system is receiving updates from Red Hat Subscription Management.
 rhel-6-server-rpms                                                                                           | 2.0 kB    0:00
 RHSA-2016:0175 Critical/Sec. glibc-2.12-1.166.el6_7.7.i686
 RHSA-2016:0175 Critical/Sec. glibc-common-2.12-1.166.el6_7.7.x86_64
 RHSA-2016:0175 Critical/Sec. glibc-devel-2.12-1.166.el6_7.7.x86_64
 RHSA-2016:0175 Critical/Sec. glibc-headers-2.12-1.166.el6_7.7.x86_64
 RHSA-2013:0605 Critical/Sec. java-1.6.0-openjdk-1:
 RHSA-2013:0602 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2013:0751 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2013:0957 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2013:1451 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2014:0026 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2014:0406 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2016:0053 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2016:0511 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2016:0675 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2015:0251 Critical/Sec. libsmbclient-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. libsmbclient-3.6.23-30.el6_7.x86_64
 RHSA-2016:0175 Critical/Sec. nscd-2.12-1.166.el6_7.7.x86_64
 RHSA-2014:0917 Critical/Sec. nspr-4.10.6-1.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-3.16.1-4.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-sysinit-3.16.1-4.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-tools-3.16.1-4.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-util-3.16.1-1.el6_5.x86_64
 RHSA-2013:1764 Critical/Sec. ruby-
 RHSA-2013:1764 Critical/Sec. ruby-libs-
 RHSA-2015:0251 Critical/Sec. samba-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-client-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-client-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-common-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-common-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-winbind-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-winbind-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-winbind-clients-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-winbind-clients-3.6.23-30.el6_7.x86_64
 RHSA-2015:0250 Critical/Sec. samba4-libs-4.0.0-66.el6_6.rc4.x86_64
 RHSA-2013:0614 Critical/Sec. xulrunner-17.0.3-2.el6_4.x86_64
 RHSA-2013:0696 Critical/Sec. xulrunner-17.0.5-1.el6_4.x86_64
 RHSA-2013:0820 Critical/Sec. xulrunner-17.0.6-2.el6_4.x86_64
 RHSA-2013:0981 Critical/Sec. xulrunner-17.0.7-1.el6_4.x86_64
 RHSA-2013:1140 Critical/Sec. xulrunner-17.0.8-3.el6_4.x86_64
 RHSA-2013:1268 Critical/Sec. xulrunner-17.0.9-1.el6_4.x86_64
 RHSA-2013:1476 Critical/Sec. xulrunner-17.0.10-1.el6_4.x86_64
 updateinfo list done

To find out detailed information about an update

 #yum updateinfo    RHSA-2016:0175
 Loaded plugins: package_upload, product-id, security, subscription-manager
 This system is receiving updates from Red Hat Subscription Management.
 rhel-6-server-rpms                                                                                                | 2.0 kB     00:00
   Critical: glibc security and bug fix update
   Update ID :    RHSA-2016:0175
   Release :
     Type : security
   Status : final
   Issued : 2016-02-16 00:00:00
     Bugs : 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
     CVEs : CVE-2015-7547
 Description : The glibc packages provide the standard C libraries (libc),etc
          : POSIX thread libraries (libpthread), standard math
          : libraries (libm), and the Name Server Caching
          : Daemon (nscd) used by multiple programs on the
          : system. Without these libraries, the Linux system
          : cannot function correctly.
          : A stack-based buffer overflow was found in the way
          : the libresolv library performed dual A/AAAA DNS
          : queries. A remote attacker could create a
          : specially crafted DNS response which could cause
          : libresolv to crash or, potentially, execute code
          : with the permissions of the user running the
          : library. Note: this issue is only exposed when
          : libresolv is called from the nss_dns NSS service
          : module. (CVE-2015-7547)
          : This issue was discovered by the Google Security
          : Team and Red Hat.
          : This update also fixes the following bugs:
          : * The dynamic loader has been enhanced to allow
          :   the loading of more shared libraries that make
          :   use of static thread local storage. While static
          :   thread local storage is the fastest access
          :   mechanism it may also prevent the shared library
          :   from being loaded at all since the static
          :   storage space is a limited and shared
          :   process-global resource. Applications which
          :   would previously fail with "dlopen: cannot load
          :   any more object with static TLS" should now
          :   start up correctly. (BZ#1291270)
          : * A bug in the POSIX realtime support would cause
          :   asynchronous I/O or certain timer API calls to
          :   fail and return errors in the presence of large
          :   thread-local storage data that exceeded
          :   PTHREAD_STACK_MIN in size (generally 16 KiB).
          :   The bug in librt has been corrected and the
          :   impacted APIs no longer return errors when large
          :   thread-local storage data is present in the
          :   application. (BZ#1301625)
          : All glibc users are advised to upgrade to these
          : updated packages, which contain backported patches
          : to correct these issues.
  Severity : Critical
 updateinfo info done

To install all available updates except the kernel packages

  yum update --exclude=kernel* 

To check if a reboot is required of processes need restarting after a package update, the needs-restarting command can be used:

  2569 : sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
  2274 : /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
  2540 : ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
  2581 : crond
  1543 : /sbin/udevd -d
  2206 : /sbin/dhclient -6 -nw -lf /var/lib/dhclient/dhclient6-eth0.leases -pf /var/run/dhclient6-eth0.pid eth0
  2595 : /usr/sbin/atd
  2560 : sendmail: accepting connections
  2314 : rpcbind
  2296 : rngd --no-tpm=1 --quiet
  1 : /sbin/init
  1873 : lvmetad
  2401 : /usr/sbin/acpid
  8596 : /sbin/udevd -d
  2366 : dbus-daemon --system
  8595 : /sbin/udevd -d
  2253 : auditd
 1882 : lvmpolld
 2074 : /sbin/dhclient -q -lf /var/lib/dhclient/dhclient-eth0.leases -pf /var/run/dhclient-eth0.pid eth0

to check if a reboot is required , use the -r argument

    #needs-restarting -r
    Core libraries or services have been updated:
       kernel -> 4.9.43-17.38.amzn1
       glibc -> 2.17-196.172.amzn1
   Reboot is required to ensure that your system benefits from these updates.

Recent Changes

Contribute to this wiki

Why not help others by sharing your knowledge? Contribute something to this wiki and join out hall of fame!
Contact us for a user name and password