upgrade security patches for centos 7

atolika
Posts: 2
Joined: 2021/12/01 15:30:53

upgrade security patches for centos 7

Post by atolika » 2021/12/02 07:19:06

When I try to get security patches for CentOS 7,
I got all package candidates, but I don't even have them installed on my system.
What would you recommend for CentOS security patching from any CVE
for the current installation with packages already installed?
How to get a list of security patches only for packages already installed?

Also, how can I connect the CentOS 8 base repo? Is it OK to get packages from it?
Will they work on CentOS 7?

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: upgrade security patches for centos 7

Post by jlehtone » 2021/12/02 10:00:31

yum update
CentOS does not tag packages with security, etc metadata. Therefore, it is not possible to get "only security patched" subset.

The yum update installs available updates for already installed packages. If there are many, then you haven't done that in a while.


EL8 is a "totally unrelated" distro. Its packages will break EL7 installation. If you want EL8, then you make a fresh install of whole EL8.

EL7 (RHEL 7, CentOS Linux 7) will receive updates until June 2024. All its updates are now security or critical bug fixes; no new features.

EL8 (RHEL 8, AlmaLinux, Rocky Linux, etc) will receive updates until 2029.
CentOS Linux 8 has End-of-Life 2021-12-31.
CentOS Stream 8 is a rolling preview of next future EL8 point release.

londe
Posts: 1
Joined: 2022/04/11 08:14:08

Re: upgrade security patches for centos 7

Post by londe » 2022/04/11 10:46:40

The manpage of yum in CentOS 7 still lists --security as a valid switch
--security
This option includes packages that say they fix a security issue, in updates.
so this is the intended design, more so, as CentOS is supposed to be a faithful rebuild of the RHEL behavior.

Is the command "yum update" (without the security switch) the official way to update the security on a CentOS 7 Linux system?

Thanks in advance for your answer.

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: upgrade security patches for centos 7

Post by TrevorH » 2022/04/11 11:32:45

Is the command "yum update" (without the security switch) the official way to update the security on a CentOS 7 Linux system?
Yes. Since there is no security metadata in the yum repos for CentOS, it doesn't know what are security updates and what are not. As far as it knows, none are since the security metadata doesn't say anything. So the only way is to update everything.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: upgrade security patches for centos 7

Post by jlehtone » 2022/04/11 11:43:12

londe wrote:
2022/04/11 10:46:40
The manpage of yum in CentOS 7 still lists --security as a valid switch
Obviously CentOS should apply a patch to that text when they rebuild yum,
just like registered trademarks are replaced.

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: upgrade security patches for centos 7

Post by TrevorH » 2022/04/11 14:34:12

AFAIK no man pages etc have even been updated by CentOS. It's only the things they were legally obliged to change to comply with RH trademarks and logos that were ever patched.

hokie1999
Posts: 39
Joined: 2011/08/10 15:03:16

Re: upgrade security patches for centos 7

Post by hokie1999 » 2022/06/27 13:55:26

I am tasked with patching a server that's never been patched for years. I received a notification that lists patches, here is one example....

CentOS Security Update for httpd (CESA-2017:2479)
Server 1
Server 2
CentOS Security Update for httpd (CESA-2019:1898)
Server 1
Server 2
CentOS Security Update for httpd (CESA-2020:1121)
Server 1
Server 2

Am I good to run yum update httpd and this will take care of all CESA's for httpd? Then repeat for all other CESA's: bind, bash, kernel....

I see from above on this thread that this appears to be the case, so I'm just checking here, many thanks! :D

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: upgrade security patches for centos 7

Post by TrevorH » 2022/06/27 15:11:52

We do not test individual updates, only as a whole. So the correct update path is yum update, not yum update httpd.
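Added example (not part of any post in this thread): since the repos carry no security metadata, one way to confirm that a scanner's CESA findings are cleared is to compare the packages it names with what `yum check-update` still lists, before and after a full `yum update`. It assumes the notification line format quoted above and the usual three-column `yum check-update` layout; the function names are hypothetical, and the bash/kernel advisory IDs and all version strings are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample data. The httpd advisory IDs are the ones quoted in the
# thread; the bash/kernel IDs and all version strings are placeholders.
NOTIFICATION='CentOS Security Update for httpd (CESA-2017:2479)
Server 1
Server 2
CentOS Security Update for httpd (CESA-2019:1898)
Server 1
CentOS Security Update for bash (CESA-0000:0000)
Server 1
CentOS Security Update for kernel (CESA-0000:0001)
Server 2'
CHECK_BEFORE='Loaded plugins: fastestmirror

httpd.x86_64          0.0-2.el7.example    updates
httpd-tools.x86_64    0.0-2.el7.example    updates
kernel.x86_64         0.0-2.el7.example    updates'
CHECK_AFTER='Loaded plugins: fastestmirror'

# Unique package names named in the scanner notification (stdin).
cesa_packages() {
    sed -n 's/^CentOS Security Update for \([^ ]*\) (CESA-[0-9]*:[0-9]*).*$/\1/p' | sort -u
}

# Package names with an update pending, from `yum check-update` output (stdin).
pending_packages() {
    awk '/^Obsoleting Packages/ { exit }
         NF == 3 && $1 ~ /\.(x86_64|i686|noarch)$/ {
             sub(/\.[^.]+$/, "", $1); print $1 }' | sort -u
}

# $1 = notification text, $2 = check-update output.
# Prints the flagged packages that still have an update waiting.
still_pending() {
    pending=$(printf '%s\n' "$2" | pending_packages)
    printf '%s\n' "$1" | cesa_packages | while read -r pkg; do
        if printf '%s\n' "$pending" | grep -Fxq -- "$pkg"; then
            echo "$pkg"
        fi
    done
}

echo "Flagged and still pending before the update:"
still_pending "$NOTIFICATION" "$CHECK_BEFORE"
echo "Flagged and still pending after a full 'yum update':"
still_pending "$NOTIFICATION" "$CHECK_AFTER"
# Live use: still_pending "$(cat report.txt)" "$(yum -q check-update || true)"
# (yum check-update exits 100 when updates are available, hence the || true)
```

A flagged package that is absent from the pending list (bash in the sample) is already at the newest version the repos offer; an empty result after the update means no flagged package has an update left to install.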
