UPDATE: I haven’t used CentOS in several years, and from the comment in the Comments section below, it appears that the approach I wrote about in this tutorial (several years ago) no longer works. I’m keeping the original contents here only to provide some context. Please see this CentOS forum link for current information.
*** everything below here is out of date ***
If you want to install only security-related updates to your CentOS Linux installation using the yum command, it looks like the yum-plugin-security plugin might be a good option. (I’m having a few problems with it at the moment, so I can’t say that this is the absolute solution.) I found it on this page and this page.
A short version of the commands shown on the second page is this:
    # install the security plugin
    yum -y install yum-plugin-security

    # display all security-related updates
    yum --security check-update

    # list all bugs fixed
    yum updateinfo list bugzillas

    # summary of advisories
    yum updateinfo summary

    # upgrade all packages with security info to latest available package
    yum --security update

    # upgrade all packages with security info to last security update
    # (as opposed to the latest possible update)
    yum --security update-minimal

    # help
    man 8 yum-security
See the first link (the Red Hat URL) for more detailed commands.
The beginning of the yum-security man page looks like this:
    NAME
        yum security plugin

    SYNOPSIS
        yum [options] [command] [package ...]

    DESCRIPTION
        This plugin extends yum to allow lists and updates to be limited
        using security relevant criteria

        added yum commands are:

        yum update-minimal
            This works like the update command, but if you have the the
            package foo-1 installed and have foo-2 and foo-3 available
            with updateinfo.xml then update-minimal will update you to
            foo-3.

        yum updateinfo info
        yum updateinfo list
        yum updateinfo summary

        all of the last three take these sub-commands:

        yum updateinfo * all
        yum updateinfo * available
        yum updateinfo * installed
        yum updateinfo * updates

        and then:

        * <advisory> [advisory...]
        * <package>
        * bugzillas
        * cves
        * enhancement
        * security
        * new-packages
In summary, if you want to install only security-related updates to your CentOS Linux installation, I hope this article has been a good starting point.
This information is not correct, yum update --security does not work in CentOS, see for example the last post from CentOS Team Member TrevorH:
Shankardeo: just because they do not fail does not mean they do anything useful. The necessary metadata needed for yum-plugin-security to function - i.e. to know what patches fix what - is missing entirely from the CentOS supplied yum repos. This renders yum-plugin-security a noop and if you use yum update --security then it will always tell you that nothing from CentOS needs an update thus giving you a false sense of security as the reason it doesn't is because it lacks the knowledge to know that such-and-such a patch is a security update.
The EPEL yum repo does have this metadata and yum-plugin-security will work for those packages but it will not do anything for the 6700 packages in base or the 500 packages in the updates repo.
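The missing-metadata condition described in the comment above can be checked directly. This is an added example, not part of the original post or the quoted forum reply. It parses a repository's repomd.xml (found at repodata/repomd.xml under the repo's base URL) and reports whether an updateinfo entry is listed. The sample documents and repo ids are constructed for illustration.

```python
"""Check whether yum repo metadata (repomd.xml) advertises updateinfo.

Without an updateinfo entry, yum-plugin-security has no advisory data for
that repo, so "yum --security update" always reports nothing to do.
"""
import xml.etree.ElementTree as ET

REPO_NS = "{http://linux.duke.edu/metadata/repo}"  # repomd.xml namespace


def metadata_types(repomd_xml):
    """Return the set of metadata types listed in a repomd.xml document."""
    root = ET.fromstring(repomd_xml)
    return {d.get("type") for d in root.iter(REPO_NS + "data")}


def audit(repos):
    """Map repo id -> True if advisory metadata (updateinfo) is published."""
    return {rid: "updateinfo" in metadata_types(doc) for rid, doc in repos.items()}


def _repomd(types):
    # Constructed sample input: a minimal repomd.xml with the given data types.
    entries = "".join(
        '<data type="%s"><location href="repodata/%s.xml.gz"/></data>' % (t, t)
        for t in types
    )
    return ('<repomd xmlns="http://linux.duke.edu/metadata/repo">'
            "<revision>0</revision>%s</repomd>" % entries)


# Constructed samples, not real repo data: one repo without advisory
# metadata and one that ships it. The repo ids are hypothetical.
SAMPLES = {
    "no-advisories": _repomd(["primary", "filelists", "other"]),
    "with-advisories": _repomd(["primary", "filelists", "other", "updateinfo"]),
}

if __name__ == "__main__":
    for repo_id, ok in sorted(audit(SAMPLES).items()):
        status = "updateinfo present" if ok else "NO updateinfo: --security is a no-op"
        print("%-16s %s" % (repo_id, status))
```

A repo that reports no updateinfo should not be treated as "fully patched" on the basis of an empty yum --security check-update result.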