LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   yum list-security or yum --security check-update (https://www.linuxquestions.org/questions/linux-security-4/yum-list-security-or-yum-security-check-update-4175636492/)

the_imax 08-16-2018 06:43 AM
yum list-security or yum --security check-update
 
Trying to understand the difference between these two on Centos 6

Quote:
yum list-security
when run lists one package
and
Quote:
yum --security check-update
says "No packages needed for security; 70 packages available"
what is the difference between two and the reason the output differs?

also
Quote:
yum list-security security
just says updateinfo list done without listing any package

jsbjsb001 08-16-2018 07:30 AM
I think it's one of those what's in a name type questions, let me explain;

If I type the following command, I get this:

Code:
[root@jamespc ~]# yum list-security
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.swin.edu.au
 * elrepo: ftp.nluug.nl
 * epel: mirror.optus.net
 * extras: ftp.swin.edu.au
 * ius: ius.mirror.digitalpacific.com.au
 * nux-dextop: li.nux.ro
 * updates: ftp.swin.edu.au
FEDORA-EPEL-2018-b0d388c572 bugfix      gparted-0.31.0-4.el7.1.x86_64
FEDORA-EPEL-2018-55d6f7236d enhancement inxi-3.0.17-1.el7.noarch
FEDORA-EPEL-2018-5c02844769 enhancement libmediainfo-18.05-1.el7.x86_64
FEDORA-EPEL-2018-5c02844769 enhancement mediainfo-gui-18.05-2.el7.x86_64
updateinfo list done
This lists the packages that are deemed "security" fixes for packages. That's it.
From yum's help:
Quote:
list List a package or groups of packages
But if I type the following command, I get this:

Code:
[root@jamespc ~]# yum --security check-update
 ...
 --> VirtualBox-5.0-5.0.22_108108_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.0-5.0.20_106931_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.2-5.2.8_121009_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.2-5.2.6_120293_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.2-5.2.4_119785_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.2-5.2.2_119230_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.2-5.2.14_123301_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.2-5.2.12_122591_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.1-5.1.18_114002_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.1-5.1.28_117968_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.1-5.1.16_113841_el7-1.x86_64 from virtualbox excluded (updateinfo)
 --> VirtualBox-5.1-5.1.2_108956_el7-1.x86_64 from virtualbox excluded (updateinfo)
No packages needed for security; 15 packages available
This lists "security relevant packages", key word there is "update".
From yum's help again:

Quote:
--security Include security relevant packages, in updates
I'm not sure "yum list-security security" is a valid yum command, but I could be wrong...

the_imax 08-16-2018 07:50 AM
Thanks for that
when you say keyword is "update" in yum --security check-update
than isn't FEDORA-EPEL-2018-b0d388c572 bugfix gparted-0.31.0-4.el7.1.x86_64 a security related update? still not understanding why the output of both differs

jsbjsb001 08-16-2018 08:04 AM
Hopefully I make more sense this time; The "yum list-security" command just lists the packages that have "security fixes" available for them. While the "yum --security check-update" command lists the package "updates" that are "security relevant" - there maybe a number of "security" related "updates" for the same package(s). Notice my second command output that lists the same package, BUT different versions of that same package.

Does that make sense?

the_imax 08-17-2018 03:44 AM
thanks reading more into it I see references that in centos due to copyright issues the security flags are not set on packages in repos
I have ran the same commands on RHEL
and the output of yum list-security security and yum --security check-update lists same programs in output

yum list-security security - list the individual version updates with their RHSA numbers, whereas yum --security check-update just lists the latest version of the package

e.g. for kernel-firware I get following from yum list-security security
Quote:
RHSA-2018:0008 Important/Sec. kernel-firmware-2.6.32-696.18.7.el6.noarch
RHSA-2018:0169 Important/Sec. kernel-firmware-2.6.32-696.20.1.el6.noarch
RHSA-2018:0512 Important/Sec. kernel-firmware-2.6.32-696.23.1.el6.noarch
RHSA-2018:1319 Important/Sec. kernel-firmware-2.6.32-696.28.1.el6.noarch
RHSA-2018:1651 Important/Sec. kernel-firmware-2.6.32-696.30.1.el6.noarch
RHSA-2018:1854 Important/Sec. kernel-firmware-2.6.32-754.el6.noarch
RHSA-2018:2164 Important/Sec. kernel-firmware-2.6.32-754.2.1.el6.noarch
RHSA-2018:2390 Important/Sec. kernel-firmware-2.6.32-754.3.5.el6.noarch
and yum --security check-update just lists
Quote:
kernel-firmware.noarch 2.6.32-754.3.5.el6 rhel-6-server-rpm


All times are GMT -5. The time now is 02:40 PM.