Installing security updates only with CentOS yum

UPDATE: I haven’t used CentOS in several years, and from the comment in the Comments section below, it appears that the approach I wrote about in this tutorial (several years ago) no longer works. I’m keeping the original contents here only to provide some context. Please see this CentOS forum link for current information.

 

*** everything below here is out of date ***

If you want to install only security-related updates to your CentOS Linux installation using the yum command, it looks like the yum-plugin-security plugin might be a good option. (I’m having a few problems with it at the moment, so I can’t say that this is the absolute solution.) I found it on this page and this page.

A short version of the commands shown on the second page are this:

# install the security plugin
yum -y install yum-plugin-security

# display all security-related updates
yum --security check-update

# list all bugs fixed
yum updateinfo list bugzillas

# summary of advisories
yum updateinfo summary

# upgrade all packages with security info to latest available package
yum --security update

# upgrade all packages with security info to last security update
# (as opposed to the latest possible update)
yum --security update-minimal

# help
man 8 yum-security

See the first link (the Red Hat URL) for more detailed commands.

The beginning of the yum-security man page look like this:

NAME
     yum security plugin

SYNOPSIS
     yum [options] [command] [package ...]

DESCRIPTION
   This plugin extends yum to allow lists and updates to be limited using security relevant criteria

   added yum commands are:

      yum update-minimal

   This  works  like  the  update  command,  but if you have the the package foo-1 installed and 
   have foo-2 and foo-3 available with updateinfo.xml then update-minimal will update you to foo-3.

      yum updateinfo info
      yum updateinfo list
      yum updateinfo summary

   all of the last three take these sub-commands:

      yum updateinfo * all
      yum updateinfo * available
      yum updateinfo * installed
      yum updateinfo * updates

   and then:

      * <advisory> [advisory...]
      * <package>
      * bugzillas
      * cves
      * enhancement
      * security
      * new-packages

In summary, if you want to install only security-related updates to your CentOS Linux installation, I hope this article has been a good starting point.