Uploaded image for project: 'Product Technical Learning'
  1. Product Technical Learning
  2. PTL-7767

RH415-48: Using "yum update-minimal" vs "yum update"

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Not a Bug
    • Icon: Minor Minor
    • RH415 - RHEL7.5 1 20180830
    • RH415
    • None
    • 1
    • en-US (English)

      URL:
      Reporter RHNID: mikephillips1973
      Section: -
      Language: en-US (English)
      Workaround:

      Description: RH413 (RHEL 6) uses to mention how updating for a specific CVE or security advisory didn't necessarily update to the package version mentioned in the CVE or security advisory. Instead, the update would give you the latest version of the package. This was a nice bit of information, but since the RH413 classroom installation only provided one version of each package, there wasn't a good way to demonstrate this. In addition, RH413 didn't mention how "yum update-minimal" vs "yum update" could be used to give you the package version specified in the CVE or security advisory.

      For instructors who want to test or demonstrate this, make sure to run "lab security-review setup" as student@workstation and then ssh to root@servera.

      1. Run "yum updateinfo list". You should see that there are several updates related to the python-perf package.
      2. You can see that RHSA-2018-1318 will update the python-perf package to version python-perf-3.10.0-862.2.3.el7.x86_64
      3. Check to see which version of python-perf will be installed if you update for this security advisory: yum update --advisory=RHSA-2018:1318
        The python-perf package will be updated to 3.10.0-862.9.1.el7
        Cancel the update by pressing N
      4. Use "yum update-minimal" instead of "yum update" and notice how the package version matches the version listed in the advisory: yum update-minimal --advisory=RHSA-2018:1318

      If students want the versions specified in CVEs and security advisories, rather than the most recent versions, students can use "yum update-minimal" instead of "yum-update".

      Examples:

      1. yum update-minimal --security
      2. yum update-minimal --security --sec-severity=Critical,Important
      3. yum update-minimal --cve CVE-2018-12020

              rht-sbonnevi Steven Bonneville
              rht-miphilli Michael Phillips
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: