Useful yum Commands
- yum search libstd++ - search for specific package
- yum provides libstdc++.so5 - find which package this file belongs to
- yum install libstdc++…..rpm - install the package
- yum clean all - to re-read the repository
Yum also has some utilities available. These can be installed as follows:
root@server $ yum install yum-utils
One use of this is to tidy up old lernel entries
root@server $ rpm -q kernel
kernel-2.6.32-220.2.1.el6.i686 kernel-2.6.32-220.4.1.el6.i686 kernel-2.6.32-220.4.2.el6.i686 kernel-2.6.32-220.7.1.el6.i686 root@machine $ package-cleanup --oldkernels --count=2
The package-cleanup command will delete the old kernel packages leaving just the last 2. Useful if /boot is getting a bit filled up.
You can use yum to check for critical security updates as follows. For RHEL 6 , need to check yum-security-plugin is installed (for RHEL 7 it has been incorporated into yum)
#rpm -qa | grep yum-plugin-security yum-plugin-security-1.1.30-14.el6.noarch
Check for critical security updates
#yum --security --sec-severity=Critical check-update Loaded plugins: package_upload, product-id, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. rhel-6-server-rpms | 2.0 kB 00:00 rhel-6-server-rpms/primary | 29 MB 00:00 rhel-6-server-rpms 18431/18431 Limiting package lists to security relevant ones rhel-6-server-rpms/updateinfo | 3.3 MB 00:00 23 package(s) needed for security, out of 585 available<br> glibc.i686 2.12-1.192.el6 rhel-6-server-rpms glibc.x86_64 2.12-1.192.el6 rhel-6-server-rpms glibc-common.x86_64 2.12-1.192.el6 rhel-6-server-rpms glibc-devel.x86_64 2.12-1.192.el6 rhel-6-server-rpms glibc-headers.x86_64 2.12-1.192.el6 rhel-6-server-rpms java-1.6.0-openjdk.x86_64 1:1.6.0.41-1.13.13.1.el6_8 rhel-6-server-rpms java-1.7.0-openjdk.x86_64 1:1.7.0.121-2.6.8.1.el6_8 rhel-6-server-rpms libsmbclient.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms nscd.x86_64 2.12-1.192.el6 rhel-6-server-rpms nspr.x86_64 4.11.0-1.el6 rhel-6-server-rpms nss.x86_64 3.21.3-2.el6_8 rhel-6-server-rpms nss-sysinit.x86_64 3.21.3-2.el6_8 rhel-6-server-rpms nss-tools.x86_64 3.21.3-2.el6_8 rhel-6-server-rpms nss-util.x86_64 3.21.3-1.el6_8 rhel-6-server-rpms ruby.x86_64 1.8.7.374-4.el6_6 rhel-6-server-rpms ruby-libs.x86_64 1.8.7.374-4.el6_6 rhel-6-server-rpms samba.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba-client.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba-common.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba-winbind.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba-winbind-clients.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba4-libs.x86_64 4.2.10-7.el6_8 rhel-6-server-rpms xulrunner.x86_64 17.0.10-1.el6_4 rhel-6-server-rpms
And to apply these security updates
yum --security --sec-severity=Critical,Important update
To find the advisory references
# yum --sec-severity=Critical updateinfo list Loaded plugins: package_upload, product-id, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. rhel-6-server-rpms | 2.0 kB 0:00 RHSA-2016:0175 Critical/Sec. glibc-2.12-1.166.el6_7.7.i686 RHSA-2016:0175 Critical/Sec. glibc-common-2.12-1.166.el6_7.7.x86_64 RHSA-2016:0175 Critical/Sec. glibc-devel-2.12-1.166.el6_7.7.x86_64 RHSA-2016:0175 Critical/Sec. glibc-headers-2.12-1.166.el6_7.7.x86_64 RHSA-2013:0605 Critical/Sec. java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64 RHSA-2013:0602 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.9-2.3.8.0.el6_4.x86_64 RHSA-2013:0751 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.19-2.3.9.1.el6_4.x86_64 RHSA-2013:0957 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.25-2.3.10.3.el6_4.x86_64 RHSA-2013:1451 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.45-2.4.3.2.el6_4.x86_64 RHSA-2014:0026 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.51-2.4.4.1.el6_5.x86_64 RHSA-2014:0406 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el6_5.x86_64 RHSA-2016:0053 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7.x86_64 RHSA-2016:0511 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el6_7.x86_64 RHSA-2016:0675 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.101-2.6.6.1.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. libsmbclient-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. libsmbclient-3.6.23-30.el6_7.x86_64 RHSA-2016:0175 Critical/Sec. nscd-2.12-1.166.el6_7.7.x86_64 RHSA-2014:0917 Critical/Sec. nspr-4.10.6-1.el6_5.x86_64 RHSA-2014:0917 Critical/Sec. nss-3.16.1-4.el6_5.x86_64 RHSA-2014:0917 Critical/Sec. nss-sysinit-3.16.1-4.el6_5.x86_64 RHSA-2014:0917 Critical/Sec. nss-tools-3.16.1-4.el6_5.x86_64 RHSA-2014:0917 Critical/Sec. nss-util-3.16.1-1.el6_5.x86_64 RHSA-2013:1764 Critical/Sec. ruby-1.8.7.352-13.el6.x86_64 RHSA-2013:1764 Critical/Sec. ruby-libs-1.8.7.352-13.el6.x86_64 RHSA-2015:0251 Critical/Sec. samba-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-3.6.23-30.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. samba-client-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-client-3.6.23-30.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. samba-common-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-common-3.6.23-30.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. samba-winbind-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-winbind-3.6.23-30.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. samba-winbind-clients-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-winbind-clients-3.6.23-30.el6_7.x86_64 RHSA-2015:0250 Critical/Sec. samba4-libs-4.0.0-66.el6_6.rc4.x86_64 RHSA-2013:0614 Critical/Sec. xulrunner-17.0.3-2.el6_4.x86_64 RHSA-2013:0696 Critical/Sec. xulrunner-17.0.5-1.el6_4.x86_64 RHSA-2013:0820 Critical/Sec. xulrunner-17.0.6-2.el6_4.x86_64 RHSA-2013:0981 Critical/Sec. xulrunner-17.0.7-1.el6_4.x86_64 RHSA-2013:1140 Critical/Sec. xulrunner-17.0.8-3.el6_4.x86_64 RHSA-2013:1268 Critical/Sec. xulrunner-17.0.9-1.el6_4.x86_64 RHSA-2013:1476 Critical/Sec. xulrunner-17.0.10-1.el6_4.x86_64 updateinfo list done
To find out detailed information about an update
#yum updateinfo RHSA-2016:0175
Loaded plugins: package_upload, product-id, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
rhel-6-server-rpms | 2.0 kB 00:00
===============================================================================
Critical: glibc security and bug fix update
===============================================================================
Update ID : RHSA-2016:0175
Release :
Type : security
Status : final
Issued : 2016-02-16 00:00:00
Bugs : 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
CVEs : CVE-2015-7547
Description : The glibc packages provide the standard C libraries (libc),etc
: POSIX thread libraries (libpthread), standard math
: libraries (libm), and the Name Server Caching
: Daemon (nscd) used by multiple programs on the
: system. Without these libraries, the Linux system
: cannot function correctly.
:
: A stack-based buffer overflow was found in the way
: the libresolv library performed dual A/AAAA DNS
: queries. A remote attacker could create a
: specially crafted DNS response which could cause
: libresolv to crash or, potentially, execute code
: with the permissions of the user running the
: library. Note: this issue is only exposed when
: libresolv is called from the nss_dns NSS service
: module. (CVE-2015-7547)
:
: This issue was discovered by the Google Security
: Team and Red Hat.
:
: This update also fixes the following bugs:
:
: * The dynamic loader has been enhanced to allow
: the loading of more shared libraries that make
: use of static thread local storage. While static
: thread local storage is the fastest access
: mechanism it may also prevent the shared library
: from being loaded at all since the static
: storage space is a limited and shared
: process-global resource. Applications which
: would previously fail with "dlopen: cannot load
: any more object with static TLS" should now
: start up correctly. (BZ#1291270)
:
: * A bug in the POSIX realtime support would cause
: asynchronous I/O or certain timer API calls to
: fail and return errors in the presence of large
: thread-local storage data that exceeded
: PTHREAD_STACK_MIN in size (generally 16 KiB).
: The bug in librt has been corrected and the
: impacted APIs no longer return errors when large
: thread-local storage data is present in the
: application. (BZ#1301625)
:
: All glibc users are advised to upgrade to these
: updated packages, which contain backported patches
: to correct these issues.
Severity : Critical
updateinfo info done
To install all available updates except the kernel packages
yum update --exclude=kernel*
To check if a reboot is required of processes need restarting after a package update, the needs-restarting command can be used:
#needs-restarting 2569 : sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue 2274 : /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 2540 : ntpd -u ntp:ntp -p /var/run/ntpd.pid -g 2581 : crond 1543 : /sbin/udevd -d 2206 : /sbin/dhclient -6 -nw -lf /var/lib/dhclient/dhclient6-eth0.leases -pf /var/run/dhclient6-eth0.pid eth0 2595 : /usr/sbin/atd 2560 : sendmail: accepting connections 2314 : rpcbind 2296 : rngd --no-tpm=1 --quiet 1 : /sbin/init 1873 : lvmetad 2401 : /usr/sbin/acpid 8596 : /sbin/udevd -d 2366 : dbus-daemon --system 8595 : /sbin/udevd -d 2253 : auditd 1882 : lvmpolld 2074 : /sbin/dhclient -q -lf /var/lib/dhclient/dhclient-eth0.leases -pf /var/run/dhclient-eth0.pid eth0
to check if a reboot is required , use the -r argument
#needs-restarting -r
Core libraries or services have been updated:
kernel -> 4.9.43-17.38.amzn1
glibc -> 2.17-196.172.amzn1
Reboot is required to ensure that your system benefits from these updates.
Still stuck? Maybe we can help. Contact us here
Never miss a thing subscribe to our newsletter
or follow us on twitter
For more super cool techie stuff check out our blog!!
Recent Changes
- Cron Tricks created
Contribute to this wiki
Why not help others by sharing your knowledge? Contribute something to this wiki and
join out hall of fame!
Contact us for a user name and password
