Useful yum Commands
- yum search libstd++ - search for specific package
- yum provides libstdc++.so5 - find which package this file belongs to
- yum install libstdc++…..rpm - install the package
- yum clean all - to re-read the repository
Yum also has some utilities available. These can be installed as follows:
root@server $ yum install yum-utils
One use of this is to tidy up old lernel entries
root@server $ rpm -q kernel
kernel-2.6.32-220.2.1.el6.i686 kernel-2.6.32-220.4.1.el6.i686 kernel-2.6.32-220.4.2.el6.i686 kernel-2.6.32-220.7.1.el6.i686 root@machine $ package-cleanup --oldkernels --count=2
The package-cleanup command will delete the old kernel packages leaving just the last 2. Useful if /boot is getting a bit filled up.
You can use yum to check for critical security updates as follows. For RHEL 6 , need to check yum-security-plugin is installed (for RHEL 7 it has been incorporated into yum)
#rpm -qa | grep yum-plugin-security yum-plugin-security-1.1.30-14.el6.noarch
Check for critical security updates
#yum --security --sec-severity=Critical check-update Loaded plugins: package_upload, product-id, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. rhel-6-server-rpms | 2.0 kB 00:00 rhel-6-server-rpms/primary | 29 MB 00:00 rhel-6-server-rpms 18431/18431 Limiting package lists to security relevant ones rhel-6-server-rpms/updateinfo | 3.3 MB 00:00 23 package(s) needed for security, out of 585 available<br> glibc.i686 2.12-1.192.el6 rhel-6-server-rpms glibc.x86_64 2.12-1.192.el6 rhel-6-server-rpms glibc-common.x86_64 2.12-1.192.el6 rhel-6-server-rpms glibc-devel.x86_64 2.12-1.192.el6 rhel-6-server-rpms glibc-headers.x86_64 2.12-1.192.el6 rhel-6-server-rpms java-1.6.0-openjdk.x86_64 1:1.6.0.41-1.13.13.1.el6_8 rhel-6-server-rpms java-1.7.0-openjdk.x86_64 1:1.7.0.121-2.6.8.1.el6_8 rhel-6-server-rpms libsmbclient.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms nscd.x86_64 2.12-1.192.el6 rhel-6-server-rpms nspr.x86_64 4.11.0-1.el6 rhel-6-server-rpms nss.x86_64 3.21.3-2.el6_8 rhel-6-server-rpms nss-sysinit.x86_64 3.21.3-2.el6_8 rhel-6-server-rpms nss-tools.x86_64 3.21.3-2.el6_8 rhel-6-server-rpms nss-util.x86_64 3.21.3-1.el6_8 rhel-6-server-rpms ruby.x86_64 1.8.7.374-4.el6_6 rhel-6-server-rpms ruby-libs.x86_64 1.8.7.374-4.el6_6 rhel-6-server-rpms samba.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba-client.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba-common.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba-winbind.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba-winbind-clients.x86_64 3.6.23-36.el6_8 rhel-6-server-rpms samba4-libs.x86_64 4.2.10-7.el6_8 rhel-6-server-rpms xulrunner.x86_64 17.0.10-1.el6_4 rhel-6-server-rpms
And to apply these security updates
yum --security --sec-severity=Critical,Important update
To find the advisory references
# yum --sec-severity=Critical updateinfo list Loaded plugins: package_upload, product-id, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. rhel-6-server-rpms | 2.0 kB 0:00 RHSA-2016:0175 Critical/Sec. glibc-2.12-1.166.el6_7.7.i686 RHSA-2016:0175 Critical/Sec. glibc-common-2.12-1.166.el6_7.7.x86_64 RHSA-2016:0175 Critical/Sec. glibc-devel-2.12-1.166.el6_7.7.x86_64 RHSA-2016:0175 Critical/Sec. glibc-headers-2.12-1.166.el6_7.7.x86_64 RHSA-2013:0605 Critical/Sec. java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64 RHSA-2013:0602 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.9-2.3.8.0.el6_4.x86_64 RHSA-2013:0751 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.19-2.3.9.1.el6_4.x86_64 RHSA-2013:0957 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.25-2.3.10.3.el6_4.x86_64 RHSA-2013:1451 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.45-2.4.3.2.el6_4.x86_64 RHSA-2014:0026 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.51-2.4.4.1.el6_5.x86_64 RHSA-2014:0406 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el6_5.x86_64 RHSA-2016:0053 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7.x86_64 RHSA-2016:0511 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el6_7.x86_64 RHSA-2016:0675 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.101-2.6.6.1.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. libsmbclient-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. libsmbclient-3.6.23-30.el6_7.x86_64 RHSA-2016:0175 Critical/Sec. nscd-2.12-1.166.el6_7.7.x86_64 RHSA-2014:0917 Critical/Sec. nspr-4.10.6-1.el6_5.x86_64 RHSA-2014:0917 Critical/Sec. nss-3.16.1-4.el6_5.x86_64 RHSA-2014:0917 Critical/Sec. nss-sysinit-3.16.1-4.el6_5.x86_64 RHSA-2014:0917 Critical/Sec. nss-tools-3.16.1-4.el6_5.x86_64 RHSA-2014:0917 Critical/Sec. nss-util-3.16.1-1.el6_5.x86_64 RHSA-2013:1764 Critical/Sec. ruby-1.8.7.352-13.el6.x86_64 RHSA-2013:1764 Critical/Sec. ruby-libs-1.8.7.352-13.el6.x86_64 RHSA-2015:0251 Critical/Sec. samba-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-3.6.23-30.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. samba-client-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-client-3.6.23-30.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. samba-common-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-common-3.6.23-30.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. samba-winbind-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-winbind-3.6.23-30.el6_7.x86_64 RHSA-2015:0251 Critical/Sec. samba-winbind-clients-3.6.23-14.el6_6.x86_64 RHSA-2016:0611 Critical/Sec. samba-winbind-clients-3.6.23-30.el6_7.x86_64 RHSA-2015:0250 Critical/Sec. samba4-libs-4.0.0-66.el6_6.rc4.x86_64 RHSA-2013:0614 Critical/Sec. xulrunner-17.0.3-2.el6_4.x86_64 RHSA-2013:0696 Critical/Sec. xulrunner-17.0.5-1.el6_4.x86_64 RHSA-2013:0820 Critical/Sec. xulrunner-17.0.6-2.el6_4.x86_64 RHSA-2013:0981 Critical/Sec. xulrunner-17.0.7-1.el6_4.x86_64 RHSA-2013:1140 Critical/Sec. xulrunner-17.0.8-3.el6_4.x86_64 RHSA-2013:1268 Critical/Sec. xulrunner-17.0.9-1.el6_4.x86_64 RHSA-2013:1476 Critical/Sec. xulrunner-17.0.10-1.el6_4.x86_64 updateinfo list done
To find out detailed information about an update
#yum updateinfo RHSA-2016:0175
Loaded plugins: package_upload, product-id, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
rhel-6-server-rpms | 2.0 kB 00:00
===============================================================================
Critical: glibc security and bug fix update
===============================================================================
Update ID : RHSA-2016:0175
Release :
Type : security
Status : final
Issued : 2016-02-16 00:00:00
Bugs : 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
CVEs : CVE-2015-7547
Description : The glibc packages provide the standard C libraries (libc),etc
: POSIX thread libraries (libpthread), standard math
: libraries (libm), and the Name Server Caching
: Daemon (nscd) used by multiple programs on the
: system. Without these libraries, the Linux system
: cannot function correctly.
:
: A stack-based buffer overflow was found in the way
: the libresolv library performed dual A/AAAA DNS
: queries. A remote attacker could create a
: specially crafted DNS response which could cause
: libresolv to crash or, potentially, execute code
: with the permissions of the user running the
: library. Note: this issue is only exposed when
: libresolv is called from the nss_dns NSS service
: module. (CVE-2015-7547)
:
: This issue was discovered by the Google Security
: Team and Red Hat.
:
: This update also fixes the following bugs:
:
: * The dynamic loader has been enhanced to allow
: the loading of more shared libraries that make
: use of static thread local storage. While static
: thread local storage is the fastest access
: mechanism it may also prevent the shared library
: from being loaded at all since the static
: storage space is a limited and shared
: process-global resource. Applications which
: would previously fail with "dlopen: cannot load
: any more object with static TLS" should now
: start up correctly. (BZ#1291270)
:
: * A bug in the POSIX realtime support would cause
: asynchronous I/O or certain timer API calls to
: fail and return errors in the presence of large
: thread-local storage data that exceeded
: PTHREAD_STACK_MIN in size (generally 16 KiB).
: The bug in librt has been corrected and the
: impacted APIs no longer return errors when large
: thread-local storage data is present in the
: application. (BZ#1301625)
:
: All glibc users are advised to upgrade to these
: updated packages, which contain backported patches
: to correct these issues.
Severity : Critical
updateinfo info done
To install all available updates except the kernel packages
yum update --exclude=kernel*
To check if a reboot is required of processes need restarting after a package update, the needs-restarting command can be used:
#needs-restarting 2569 : sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue 2274 : /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 2540 : ntpd -u ntp:ntp -p /var/run/ntpd.pid -g 2581 : crond 1543 : /sbin/udevd -d 2206 : /sbin/dhclient -6 -nw -lf /var/lib/dhclient/dhclient6-eth0.leases -pf /var/run/dhclient6-eth0.pid eth0 2595 : /usr/sbin/atd 2560 : sendmail: accepting connections 2314 : rpcbind 2296 : rngd --no-tpm=1 --quiet 1 : /sbin/init 1873 : lvmetad 2401 : /usr/sbin/acpid 8596 : /sbin/udevd -d 2366 : dbus-daemon --system 8595 : /sbin/udevd -d 2253 : auditd 1882 : lvmpolld 2074 : /sbin/dhclient -q -lf /var/lib/dhclient/dhclient-eth0.leases -pf /var/run/dhclient-eth0.pid eth0
to check if a reboot is required , use the -r argument
#needs-restarting -r
Core libraries or services have been updated:
kernel -> 4.9.43-17.38.amzn1
glibc -> 2.17-196.172.amzn1
Reboot is required to ensure that your system benefits from these updates.
Still stuck? Maybe we can help. Contact us here
Never miss a thing subscribe to our newsletter
or follow us on twitter
For more super cool techie stuff check out our blog!!
Recent Changes
Contribute to this wiki
Why not help others by sharing your knowledge? Contribute something to this wiki and
join out hall of fame!
Contact us for a user name and password
