yum list-security vs yum yum --security list updates

Support for security such as Firewalls and securing linux

Post by chap0230 » 2012/03/22 13:21:01

Hello,
I am on CentOS 5.8 but seeing this same behavior with systems on 5.2-5.8. I have the package yum-security installed which is required for these options...
I'm confused on the difference between yum list-security vs yum --security list updates. All of the documentation and examples that I find make them seem like almost the same command. However, "--security" tells me that there are 0 security packages needed and list-security tells me that there is one package needed.
Here is what I'm seeing on many of my servers:

[root@svr ~]# yum --security check-update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirror.sanctuaryhost.com
* centosplus: mirror.steadfast.net
* epel: mirror.steadfast.net
* extras: yum.singlehop.com
* updates: mirror.steadfast.net
Limiting package lists to security relevant ones
No packages needed, for security, 264 available
[root@svr ~]#

but list-security shows me that there is one package found

[root@svr ~]# yum list-security
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirror.sanctuaryhost.com
* centosplus: centos.mirrors.tds.net
* epel: mirror.steadfast.net
* extras: yum.singlehop.com
* updates: centos.mirrors.tds.net
FEDORA-EPEL-2011-0163 newpackage python-ethtool-0.6-2.el5.i386
list-security done
[root@svr ~]#


Can anyone give me some guidance on why this is happening?
Thanks!!
-Joe


Post by TrevorH » 2012/03/22 16:58:40

I'm surprised that either of them work - security information is provided by Red Hat only and there is no equivalent CentOS feed for it, so the yum-security plugin is a no-op on CentOS.


Post by pschaff » 2012/03/23 01:21:24

chap0230 wrote:
> Hello,
> I am on CentOS 5.8 but seeing this same behavior with systems on 5.2-5.8.

Kind of an oxymoron to be talking about security and mentioning running 5.2-5.7 in the same post. You should immediately update everything to the current release 5.8. 5.2 is **seriously** obsolete and has numerous known bugs and security issues that have been fixed in subsequent updates. Obsolete releases are not supported, nor is it advisable to be running them. By not updating you are implicitly accepting that you will live with numerous bugs and security issues (and associated known exploits) that have subsequently been fixed.

See the CentOS 5.6 Release Notes (http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.6) Section 4 for details on the recommended update procedure for older releases, and CentOS 5.8 Release Notes (http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.8) for other information.


Post by chap0230 » 2012/03/23 13:19:09

So can anyone tell me the difference between "yum list-security" and "yum --security list updates"?
All machines are running the latest 5.8 or 6.2.
Thank you
-Joe


Post by pschaff » 2012/03/23 13:48:35

Differences in "yum" usage output without and with yum-security on CentOS-5:
[code]1c1
< Loaded plugins: fastestmirror, priorities
---
> Loaded plugins: fastestmirror, priorities, security
17a18
> info-security Returns security data for the packages listed, that affects your system
19a21
> list-security Returns security data for the packages listed, that affects your system
28a31
> update-minimal Works like update, but goes to the 'newest' package match which fixes a problem that affects your system
63a67,70
> --security Include security relevant packages
> --cve=CVE Include packages needed to fix the given CVE
> --bz=BZ Include packages needed to fix the given BZ
> --advisory=ADVISORY Include packages needed to fix the given advisory[/code]

Differences in "yum" usage output without and with yum-plugin-security on CentOS-6:
[code]1c1,2
< Loaded plugins: changelog, fastestmirror, priorities, refresh-packagekit
---
> Loaded plugins: changelog, fastestmirror, priorities, refresh-packagekit,
> : security
32a34,35
> update-minimal Works like update, but goes to the 'newest' package match which fixes a problem that affects your system
> updateinfo Acts on repository update information
80a84,91
> --security Include security relevant packages
> --bugfixes Include bugfix relevant packages
> --cve=CVE Include packages needed to fix the given CVE
> --bz=BZ Include packages needed to fix the given BZ
> --sec-severity=SEVERITY
> Include security relevant packages, of this severity
> --advisory=ADVISORY
> Include packages needed to fix the given advisory[/code]
On either release yum will include the output `Skipping security plugin, other command` if one attempts to use the plugin.


Post by TrevorH » 2012/03/23 13:51:02

Both options are added by the yum-security plugin but on CentOS they should both do nothing - at least when used to query the CentOS supplied repos as there is no CentOS supplied security metadata in the updateinfo.xml.gz. The only place that I've found that does supply this metadata is the EPEL repository and on that repo, it only seems to work with list-security and not with `yum --security list`. Since both options are added by the same plugin, I'd conclude that one is broken and the other is not :-)
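
Added example (not part of the thread and not code from the yum-security plugin): a Python check of the two metadata files the reply above refers to, showing whether a repository's repomd.xml advertises updateinfo at all and how advisories in updateinfo.xml split by their `type` attribute. The XML samples are constructed; the first advisory mirrors the `list-security` line in the question, `EXAMPLE-SA-0001` and `example-pkg` are hypothetical, and treating a security filter as "keep only `type="security"`" is an assumption of this example.

```python
import xml.etree.ElementTree as ET

REPO_NS = "{http://linux.duke.edu/metadata/repo}"

# Constructed repomd.xml samples: a repo without and with updateinfo metadata.
REPOMD_WITHOUT = """<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <data type="primary"><location href="repodata/primary.xml.gz"/></data>
</repomd>"""
REPOMD_WITH = """<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <data type="primary"><location href="repodata/primary.xml.gz"/></data>
  <data type="updateinfo"><location href="repodata/updateinfo.xml.gz"/></data>
</repomd>"""

# Constructed updateinfo.xml: first entry mirrors the thread's list-security
# output line, second entry is hypothetical.
UPDATEINFO = """<updates>
  <update type="newpackage" status="stable">
    <id>FEDORA-EPEL-2011-0163</id>
    <pkglist><collection>
      <package name="python-ethtool" version="0.6" release="2.el5" arch="i386"/>
    </collection></pkglist>
  </update>
  <update type="security" status="stable">
    <id>EXAMPLE-SA-0001</id>
    <pkglist><collection>
      <package name="example-pkg" version="1.0" release="2.el5" arch="i386"/>
    </collection></pkglist>
  </update>
</updates>"""

def updateinfo_href(repomd_xml):
    """Return the updateinfo location advertised in repomd.xml, or None."""
    for data in ET.fromstring(repomd_xml).findall(REPO_NS + "data"):
        if data.get("type") == "updateinfo":
            return data.find(REPO_NS + "location").get("href")
    return None

def advisories(updateinfo_xml, only_type=None):
    """Return (id, type, [name-version-release.arch]) for each advisory."""
    out = []
    for upd in ET.fromstring(updateinfo_xml).iter("update"):
        if only_type and upd.get("type") != only_type:
            continue  # assumed filter: keep only the requested advisory type
        pkgs = ["%s-%s-%s.%s" % (p.get("name"), p.get("version"),
                                 p.get("release"), p.get("arch"))
                for p in upd.iter("package")]
        out.append((upd.findtext("id"), upd.get("type"), pkgs))
    return out

if __name__ == "__main__":
    print(updateinfo_href(REPOMD_WITHOUT), updateinfo_href(REPOMD_WITH))
    print(advisories(UPDATEINFO), advisories(UPDATEINFO, "security"))
```

A repository whose repomd.xml has no `updateinfo` entry gives the plugin nothing to report, and an advisory typed `newpackage` is counted in an unfiltered listing but not in a security-only one.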


Post by chap0230 » 2012/03/23 14:40:19

Awesome, thank you for the explanations. That makes sense now!
-Joe


Post by wied03 » 2014/09/28 21:12:18

It's clunky and not the greatest, but I created a Python module that tries to pull together Yum Updates and advisories from the steve-meier Errata site based on installed packages.

In case it helps, here is the source: https://github.com/wied03/centos-package-cron
