• yum search libstd++ - search for specific package
  • yum provides libstdc++.so5 - find which package this file belongs to
  • yum install libstdc++…..rpm - install the package
  • yum clean all - to re-read the repository

Yum also has some utilities available. These can be installed as follows:

 root@server $ yum install yum-utils
 

One use of this is to tidy up old lernel entries

root@server $ rpm -q kernel

 kernel-2.6.32-220.2.1.el6.i686
 kernel-2.6.32-220.4.1.el6.i686
 kernel-2.6.32-220.4.2.el6.i686
 kernel-2.6.32-220.7.1.el6.i686
 
 root@machine $ package-cleanup --oldkernels --count=2
 

The package-cleanup command will delete the old kernel packages leaving just the last 2. Useful if /boot is getting a bit filled up.

You can use yum to check for critical security updates as follows. For RHEL 6 , need to check yum-security-plugin is installed (for RHEL 7 it has been incorporated into yum)

 #rpm -qa | grep yum-plugin-security
 yum-plugin-security-1.1.30-14.el6.noarch

Check for critical security updates

 #yum --security --sec-severity=Critical check-update
 Loaded plugins: package_upload, product-id, security, subscription-manager
 This system is receiving updates from Red Hat Subscription Management.
 rhel-6-server-rpms                                                                                       | 2.0 kB     00:00
 rhel-6-server-rpms/primary                                                                               |  29 MB     00:00
 rhel-6-server-rpms                                                                                                  18431/18431
 Limiting package lists to security relevant ones
 rhel-6-server-rpms/updateinfo                                                                            | 3.3 MB     00:00
 23 package(s) needed for security, out of 585 available<br>
 
 glibc.i686                                                  2.12-1.192.el6                       rhel-6-server-rpms
 glibc.x86_64                                                2.12-1.192.el6                       rhel-6-server-rpms
 glibc-common.x86_64                                         2.12-1.192.el6                       rhel-6-server-rpms
 glibc-devel.x86_64                                          2.12-1.192.el6                       rhel-6-server-rpms
 glibc-headers.x86_64                                        2.12-1.192.el6                       rhel-6-server-rpms
 java-1.6.0-openjdk.x86_64                                   1:1.6.0.41-1.13.13.1.el6_8           rhel-6-server-rpms
 java-1.7.0-openjdk.x86_64                                   1:1.7.0.121-2.6.8.1.el6_8            rhel-6-server-rpms
 libsmbclient.x86_64                                         3.6.23-36.el6_8                      rhel-6-server-rpms
 nscd.x86_64                                                 2.12-1.192.el6                       rhel-6-server-rpms
 nspr.x86_64                                                 4.11.0-1.el6                         rhel-6-server-rpms
 nss.x86_64                                                  3.21.3-2.el6_8                       rhel-6-server-rpms
 nss-sysinit.x86_64                                          3.21.3-2.el6_8                       rhel-6-server-rpms
 nss-tools.x86_64                                            3.21.3-2.el6_8                       rhel-6-server-rpms
 nss-util.x86_64                                             3.21.3-1.el6_8                       rhel-6-server-rpms
 ruby.x86_64                                                 1.8.7.374-4.el6_6                    rhel-6-server-rpms
 ruby-libs.x86_64                                            1.8.7.374-4.el6_6                    rhel-6-server-rpms
 samba.x86_64                                                3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-client.x86_64                                         3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-common.x86_64                                         3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-winbind.x86_64                                        3.6.23-36.el6_8                      rhel-6-server-rpms
 samba-winbind-clients.x86_64                                3.6.23-36.el6_8                      rhel-6-server-rpms
 samba4-libs.x86_64                                          4.2.10-7.el6_8                       rhel-6-server-rpms
 xulrunner.x86_64                                            17.0.10-1.el6_4                      rhel-6-server-rpms

And to apply these security updates

 yum --security --sec-severity=Critical,Important update
   

To find the advisory references

 # yum --sec-severity=Critical updateinfo list
 Loaded plugins: package_upload, product-id, security, subscription-manager
 This system is receiving updates from Red Hat Subscription Management.
 rhel-6-server-rpms                                                                                           | 2.0 kB    0:00
 RHSA-2016:0175 Critical/Sec. glibc-2.12-1.166.el6_7.7.i686
 RHSA-2016:0175 Critical/Sec. glibc-common-2.12-1.166.el6_7.7.x86_64
 RHSA-2016:0175 Critical/Sec. glibc-devel-2.12-1.166.el6_7.7.x86_64
 RHSA-2016:0175 Critical/Sec. glibc-headers-2.12-1.166.el6_7.7.x86_64
 RHSA-2013:0605 Critical/Sec. java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
 RHSA-2013:0602 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.9-2.3.8.0.el6_4.x86_64
 RHSA-2013:0751 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.19-2.3.9.1.el6_4.x86_64
 RHSA-2013:0957 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.25-2.3.10.3.el6_4.x86_64
 RHSA-2013:1451 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.45-2.4.3.2.el6_4.x86_64
 RHSA-2014:0026 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.51-2.4.4.1.el6_5.x86_64
 RHSA-2014:0406 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el6_5.x86_64
 RHSA-2016:0053 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7.x86_64
 RHSA-2016:0511 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el6_7.x86_64
 RHSA-2016:0675 Critical/Sec. java-1.7.0-openjdk-1:1.7.0.101-2.6.6.1.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. libsmbclient-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. libsmbclient-3.6.23-30.el6_7.x86_64
 RHSA-2016:0175 Critical/Sec. nscd-2.12-1.166.el6_7.7.x86_64
 RHSA-2014:0917 Critical/Sec. nspr-4.10.6-1.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-3.16.1-4.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-sysinit-3.16.1-4.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-tools-3.16.1-4.el6_5.x86_64
 RHSA-2014:0917 Critical/Sec. nss-util-3.16.1-1.el6_5.x86_64
 RHSA-2013:1764 Critical/Sec. ruby-1.8.7.352-13.el6.x86_64
 RHSA-2013:1764 Critical/Sec. ruby-libs-1.8.7.352-13.el6.x86_64
 RHSA-2015:0251 Critical/Sec. samba-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-client-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-client-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-common-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-common-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-winbind-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-winbind-3.6.23-30.el6_7.x86_64
 RHSA-2015:0251 Critical/Sec. samba-winbind-clients-3.6.23-14.el6_6.x86_64
 RHSA-2016:0611 Critical/Sec. samba-winbind-clients-3.6.23-30.el6_7.x86_64
 RHSA-2015:0250 Critical/Sec. samba4-libs-4.0.0-66.el6_6.rc4.x86_64
 RHSA-2013:0614 Critical/Sec. xulrunner-17.0.3-2.el6_4.x86_64
 RHSA-2013:0696 Critical/Sec. xulrunner-17.0.5-1.el6_4.x86_64
 RHSA-2013:0820 Critical/Sec. xulrunner-17.0.6-2.el6_4.x86_64
 RHSA-2013:0981 Critical/Sec. xulrunner-17.0.7-1.el6_4.x86_64
 RHSA-2013:1140 Critical/Sec. xulrunner-17.0.8-3.el6_4.x86_64
 RHSA-2013:1268 Critical/Sec. xulrunner-17.0.9-1.el6_4.x86_64
 RHSA-2013:1476 Critical/Sec. xulrunner-17.0.10-1.el6_4.x86_64
 updateinfo list done

To find out detailed information about an update

 #yum updateinfo    RHSA-2016:0175
 Loaded plugins: package_upload, product-id, security, subscription-manager
 This system is receiving updates from Red Hat Subscription Management.
 rhel-6-server-rpms                                                                                                | 2.0 kB     00:00
 
 ===============================================================================
   Critical: glibc security and bug fix update
 ===============================================================================
   Update ID :    RHSA-2016:0175
   Release :
     Type : security
   Status : final
   Issued : 2016-02-16 00:00:00
     Bugs : 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
     CVEs : CVE-2015-7547
 Description : The glibc packages provide the standard C libraries (libc),etc
          : POSIX thread libraries (libpthread), standard math
          : libraries (libm), and the Name Server Caching
          : Daemon (nscd) used by multiple programs on the
          : system. Without these libraries, the Linux system
          : cannot function correctly.
          :
          : A stack-based buffer overflow was found in the way
          : the libresolv library performed dual A/AAAA DNS
          : queries. A remote attacker could create a
          : specially crafted DNS response which could cause
          : libresolv to crash or, potentially, execute code
          : with the permissions of the user running the
          : library. Note: this issue is only exposed when
          : libresolv is called from the nss_dns NSS service
          : module. (CVE-2015-7547)
          :
          : This issue was discovered by the Google Security
          : Team and Red Hat.
          :
          : This update also fixes the following bugs:
          :
          : * The dynamic loader has been enhanced to allow
          :   the loading of more shared libraries that make
          :   use of static thread local storage. While static
          :   thread local storage is the fastest access
          :   mechanism it may also prevent the shared library
          :   from being loaded at all since the static
          :   storage space is a limited and shared
          :   process-global resource. Applications which
          :   would previously fail with "dlopen: cannot load
          :   any more object with static TLS" should now
          :   start up correctly. (BZ#1291270)
          :
          : * A bug in the POSIX realtime support would cause
          :   asynchronous I/O or certain timer API calls to
          :   fail and return errors in the presence of large
          :   thread-local storage data that exceeded
          :   PTHREAD_STACK_MIN in size (generally 16 KiB).
          :   The bug in librt has been corrected and the
          :   impacted APIs no longer return errors when large
          :   thread-local storage data is present in the
          :   application. (BZ#1301625)
          :
          : All glibc users are advised to upgrade to these
          : updated packages, which contain backported patches
          : to correct these issues.
  Severity : Critical
 updateinfo info done
 

To install all available updates except the kernel packages

 
  yum update --exclude=kernel* 
 

Recent Changes