• yum search libstd++ - search for specific package
  • yum provides libstdc++.so5 - find which package this file belongs to
  • yum install libstdc++…..rpm - install the package
  • yum clean all - to re-read the repository
  • yum list available –showduplicates puppet - list all versions of a package (puppet in this case) available

Yum also has some utilities available. These can be installed as follows:

 root@server $ yum install yum-utils

One use of this is to tidy up old kernel entries

root@server $ rpm -q kernel

 root@machine $ package-cleanup --oldkernels --count=2

The package-cleanup command will delete the old kernel packages leaving just the last 2. Useful if /boot is getting a bit filled up.

You can use yum to check for critical security updates as follows. For RHEL 6 , need to check yum-security-plugin is installed (for RHEL 7 it has been incorporated into yum)

 #rpm -qa | grep yum-plugin-security

Check for critical security updates

 #yum --security --sec-severity=Critical check-update
 Loaded plugins: package_upload, product-id, security, subscription-manager
 This system is receiving updates from Red Hat Subscription Management.
 rhel-6-server-rpms                                                                                       | 2.0 kB     00:00
 rhel-6-server-rpms/primary                                                                               |  29 MB     00:00
 rhel-6-server-rpms                                                                                                  18431/18431
 Limiting package lists to security relevant ones
 rhel-6-server-rpms/updateinfo                                                                            | 3.3 MB     00:00
 23 package(s) needed for security, out of 585 available<br>
 glibc.i686                                                  2.12-1.192.el6                       rhel-6-server-rpms
 glibc.x86_64                                                2.12-1.192.el6                       rhel-6-server-rpms
 glibc-common.x86_64                                         2.12-1.192.el6                       rhel-6-server-rpms
 glibc-devel.x86_64                                          2.12-1.192.el6                       rhel-6-server-rpms
 glibc-headers.x86_64                                        2.12-1.192.el6                       rhel-6-server-rpms
 java-1.6.0-openjdk.x86_64                                   1:           rhel-6-server-rpms
 java-1.7.0-openjdk.x86_64                                   1:            rhel-6-server-rpms
 libsmbclient.x86_64                                         3.6.23-36.el6_8                      rhel-6-server-rpms
 nscd.x86_64                                                 2.12-1.192.el6                       rhel-6-server-rpms
 nspr.x86_64                                                 4.11.0-1.el6                         rhel-6-server-rpms
 nss.x86_64                                                  3.21.3-2.el6_8                       rhel-6-server-rpms
 nss-sysinit.x86_64                                          3.21.3-2.el6_8                       rhel-6-server-rpms
 nss-tools.x86_64                                            3.21.3-2.el6_8                       rhel-6-server-rpms
 nss-util.x86_64                                             3.21.3-1.el6_8                       rhel-6-server-rpms
 ruby.x86_64                                                           rhel-6-server-rpms
 ruby-libs.x86_64                                                      rhel-6-server-rpms
 samba.x86_64                                                3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-client.x86_64                                         3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-common.x86_64                                         3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-winbind.x86_64                                        3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-winbind-clients.x86_64                                3.6.23-36.el6_8                      rhel-6-server-rpms
 samba4-libs.x86_64                                          4.2.10-7.el6_8                       rhel-6-server-rpms
 xulrunner.x86_64                                            17.0.10-1.el6_4                      rhel-6-server-rpms

And to apply these security updates

 yum --security --sec-severity=Critical,Important update

To find the advisory references

 # yum --sec-severity=Critical updateinfo list
 Loaded plugins: package_upload, product-id, security, subscription-manager
 This system is receiving updates from Red Hat Subscription Management.
 rhel-6-server-rpms                                                                                           | 2.0 kB    0:00
 RHSA-2016:0175 Critical/Sec. glibc-2.12-1.166.el6_7.7.i686
 RHSA-2016:0175 Critical/Sec. glibc-common-2.12-1.166.el6_7.7.x86_64
 RHSA-2016:0175 Critical/Sec. glibc-devel-2.12-1.166.el6_7.7.x86_64
 RHSA-2016:0175 Critical/Sec. glibc-headers-2.12-1.166.el6_7.7.x86_64
 RHSA-2013:0605 Critical/Sec. java-1.6.0-openjdk-1:
 RHSA-2013:0602 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2013:0751 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2013:0957 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2013:1451 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2014:0026 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2014:0406 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2016:0053 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2016:0511 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2016:0675 Critical/Sec. java-1.7.0-openjdk-1:
 RHSA-2015:0251 Critical/Sec. libsmbclient-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. libsmbclient-3.6.23-30.el6_7.x86_64
 RHSA-2016:0175 Critical/Sec. nscd-2.12-1.166.el6_7.7.x86_64
 RHSA-2014:0917 Critical/Sec. nspr-4.10.6-1.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-3.16.1-4.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-sysinit-3.16.1-4.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-tools-3.16.1-4.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-util-3.16.1-1.el6_5.x86_64
 RHSA-2013:1764 Critical/Sec. ruby-
 RHSA-2013:1764 Critical/Sec. ruby-libs-
 RHSA-2015:0251 Critical/Sec. samba-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-client-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-client-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-common-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-common-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-winbind-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-winbind-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-winbind-clients-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-winbind-clients-3.6.23-30.el6_7.x86_64
 RHSA-2015:0250 Critical/Sec. samba4-libs-4.0.0-66.el6_6.rc4.x86_64
 RHSA-2013:0614 Critical/Sec. xulrunner-17.0.3-2.el6_4.x86_64
 RHSA-2013:0696 Critical/Sec. xulrunner-17.0.5-1.el6_4.x86_64
 RHSA-2013:0820 Critical/Sec. xulrunner-17.0.6-2.el6_4.x86_64
 RHSA-2013:0981 Critical/Sec. xulrunner-17.0.7-1.el6_4.x86_64
 RHSA-2013:1140 Critical/Sec. xulrunner-17.0.8-3.el6_4.x86_64
 RHSA-2013:1268 Critical/Sec. xulrunner-17.0.9-1.el6_4.x86_64
 RHSA-2013:1476 Critical/Sec. xulrunner-17.0.10-1.el6_4.x86_64
 updateinfo list done

To find out detailed information about an update

 #yum updateinfo    RHSA-2016:0175
 Loaded plugins: package_upload, product-id, security, subscription-manager
 This system is receiving updates from Red Hat Subscription Management.
 rhel-6-server-rpms                                                                                                | 2.0 kB     00:00
   Critical: glibc security and bug fix update
   Update ID :    RHSA-2016:0175
   Release :
     Type : security
   Status : final
   Issued : 2016-02-16 00:00:00
     Bugs : 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
     CVEs : CVE-2015-7547
 Description : The glibc packages provide the standard C libraries (libc),etc
          : POSIX thread libraries (libpthread), standard math
          : libraries (libm), and the Name Server Caching
          : Daemon (nscd) used by multiple programs on the
          : system. Without these libraries, the Linux system
          : cannot function correctly.
          : A stack-based buffer overflow was found in the way
          : the libresolv library performed dual A/AAAA DNS
          : queries. A remote attacker could create a
          : specially crafted DNS response which could cause
          : libresolv to crash or, potentially, execute code
          : with the permissions of the user running the
          : library. Note: this issue is only exposed when
          : libresolv is called from the nss_dns NSS service
          : module. (CVE-2015-7547)
          : This issue was discovered by the Google Security
          : Team and Red Hat.
          : This update also fixes the following bugs:
          : * The dynamic loader has been enhanced to allow
          :   the loading of more shared libraries that make
          :   use of static thread local storage. While static
          :   thread local storage is the fastest access
          :   mechanism it may also prevent the shared library
          :   from being loaded at all since the static
          :   storage space is a limited and shared
          :   process-global resource. Applications which
          :   would previously fail with "dlopen: cannot load
          :   any more object with static TLS" should now
          :   start up correctly. (BZ#1291270)
          : * A bug in the POSIX realtime support would cause
          :   asynchronous I/O or certain timer API calls to
          :   fail and return errors in the presence of large
          :   thread-local storage data that exceeded
          :   PTHREAD_STACK_MIN in size (generally 16 KiB).
          :   The bug in librt has been corrected and the
          :   impacted APIs no longer return errors when large
          :   thread-local storage data is present in the
          :   application. (BZ#1301625)
          : All glibc users are advised to upgrade to these
          : updated packages, which contain backported patches
          : to correct these issues.
  Severity : Critical
 updateinfo info done

To install all available updates except the kernel packages

  yum update --exclude=kernel* 

To check if a reboot is required of processes need restarting after a package update, the needs-restarting command can be used:

  2569 : sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
  2274 : /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
  2540 : ntpd -u ntp:ntp -p /var/run/ntpd.pid -g
  2581 : crond
  1543 : /sbin/udevd -d
  2206 : /sbin/dhclient -6 -nw -lf /var/lib/dhclient/dhclient6-eth0.leases -pf /var/run/dhclient6-eth0.pid eth0
  2595 : /usr/sbin/atd
  2560 : sendmail: accepting connections
  2314 : rpcbind
  2296 : rngd --no-tpm=1 --quiet
  1 : /sbin/init
  1873 : lvmetad
  2401 : /usr/sbin/acpid
  8596 : /sbin/udevd -d
  2366 : dbus-daemon --system
  8595 : /sbin/udevd -d
  2253 : auditd
 1882 : lvmpolld
 2074 : /sbin/dhclient -q -lf /var/lib/dhclient/dhclient-eth0.leases -pf /var/run/dhclient-eth0.pid eth0

to check if a reboot is required , use the -r argument

    #needs-restarting -r
    Core libraries or services have been updated:
       kernel -> 4.9.43-17.38.amzn1
       glibc -> 2.17-196.172.amzn1
   Reboot is required to ensure that your system benefits from these updates.

Recent Changes