Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 234646 - yum plugin for security updates
Summary: yum plugin for security updates
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: distribution
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: James Antill
QA Contact:
: 220294 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2007-03-30 19:17 UTC by Steve Grubb
Modified: 2013-01-10 10:18 UTC (History)
8 users (show)

Fixed In Version: RHEA-2007-0607
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2007-11-07 16:35:15 UTC
Target Upstream Version:

Attachments (Terms of Use)
yum security plugin python file (deleted)
2007-04-11 07:49 UTC, James Antill
no flags Details

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2007:0607 normal SHIPPED_LIVE yum-utils enhancement update 2007-10-30 15:52:33 UTC

Description Steve Grubb 2007-03-30 19:17:10 UTC
Description of problem:
We would like to have a yum plugin that could do these:

yum update -y --security
yum update -y --cve X
yum update -y --bz X"

Other possibly useful things:

yum update -y --advisory RHSA-2007:0099
yum update -y --advisory 2007:0099

Some way to have yum list give you a list of outstanding CVE's "show me 
what CVE's I'm vulnerable to unless I update"

Version-Release number of selected component (if applicable):

Comment 2 RHEL Product and Program Management 2007-03-30 19:24:29 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update

Comment 3 James Antill 2007-04-11 07:49:06 UTC
Created attachment 152255 [details]
yum security plugin python file

 This is just the first attempt at the python plugin code. So to install it you
need to setup:

% cat /etc/yum/pluginconf.d/security.conf
% egrep plugin /etc/yum.conf

...and then do...

sudo cp /usr/lib/yum-plugins/

...I think this is most of what everyone wanted, you can do (using not quite
updated FC-6):

yum --security update
yum --cve CVE-2007-1667 update
yum --bz 235374 --bz 234688 update
yum --advisory FEDORA-2007-420	--advisory FEDORA-2007-346 update

...dito. above with "list updates" "info updates" or check-update. You can also

yum sec-list
yum sec-list bugzillas / yum sec-list bzs
yum sec-list cves

...any more features anyone can think of, please reply soonish (no guarantees

 I'm guessing at this point we'll want to put it in an rpm, and ship it in
FC-7/RHEL-5.1 ? I'll be working on doing that unless someone shouts, also some
minimal documentation would be good I guess :).

Comment 4 James Antill 2007-04-11 14:22:20 UTC
 One minor bug that should probably be fixed in some way for RHEL-5 is that:

yum --bz 1 update

...displays a zero length transaction to the user, IMO this should be fixed in
yum itself ... but I'm open to just whacking it in the plugin itself (although
the UI might not be as nice).

 Also taking out of modified until we know where it's going, etc.

Comment 5 James Antill 2007-04-12 16:51:17 UTC
 I've put the code in an rpm, and added a man page. You can get it from my
people page here:

Comment 6 James Antill 2007-04-19 19:42:37 UTC
*** Bug 220294 has been marked as a duplicate of this bug. ***

Comment 9 James Antill 2007-06-26 20:42:30 UTC
 This is going out as part of yum-utils. This new package will require a Release
note. man yum-security gives significant info. the summary is that installing
the yum-security package extends yum to allow lists and updates to be limited
using security relevant criteria.

Comment 11 James Antill 2007-06-26 23:23:02 UTC
% egrep '^.package' yum-utils.spec
%package -n yum-updateonboot
%package -n yum-changelog
%package -n yum-fastestmirror
%package -n yum-fedorakmod
%package -n yum-protectbase
%package -n yum-versionlock
%package -n yum-tsflags
%package -n yum-kernel-module
%package -n yum-downloadonly
%package -n yum-allowdowngrade
%package -n yum-skip-broken
%package -n yum-priorities
%package -n yum-refresh-updatesd
%package -n yum-merge-conf
%package -n yum-security yum-utils itself:

% rpm -ql yum-utils              

Comment 13 James Antill 2007-06-27 01:25:36 UTC
 The major feature requested is "I want to apply only security updates, so as to
minimize risk" and that can now be done by installing the yum-security plugin
and doing:

yum update --security

...I believe Steve also has some govt. std. that would like this behaviour.

Comment 14 Don Domingo 2007-06-27 01:39:53 UTC
adding to release notes:

Users can now limit yum to install security updates only. To do so, simply
install the yum-security plugin and run the following command:

yum update --security

please advise if any revisions are required. thanks!

Comment 17 errata-xmlrpc 2007-11-07 16:35:15 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.