Red Hat 7.x – Applying Security Updates

This article describes how to obtain information about the available security updates on a Red Hat Enterprise Linux 7 system. Awareness of the system's security state is one of the important tasks of a system administrator, and Red Hat provides several tools for managing this information. Let's start with the yum updateinfo command.

   root:redhat.mylab.com in /root
😃  ➤ yum updateinfo
Loaded plugins: langpacks, product-id, subscription-manager
rhel-7-server-openstack-10-tools-debug-rpms/7Server/x86_64                                 | 3.8 kB  00:00:00     
rhel-7-server-openstack-10-tools-rpms/7Server/x86_64                                       | 4.0 kB  00:00:00     
rhel-7-server-openstack-10-tools-source-rpms/7Server/x86_64                                | 3.8 kB  00:00:00     
rhel-7-server-rpms/7Server/x86_64                                                          | 3.5 kB  00:00:00     
rhel-7-server-rt-beta-rpms/x86_64                                                          | 4.0 kB  00:00:00     
rhel-7-server-rt-rpms/7Server/x86_64                                                       | 4.0 kB  00:00:00     
rhel-ha-for-rhel-7-server-rpms/7Server/x86_64                                              | 3.4 kB  00:00:00     
rhel-rs-for-rhel-7-server-rpms/7Server/x86_64                                              | 3.4 kB  00:00:00     
Updates Information Summary: available
    279 Security notice(s)
         44 Critical Security notice(s)
         95 Important Security notice(s)
        119 Moderate Security notice(s)
         21 Low Security notice(s)
    784 Bugfix notice(s)
    117 Enhancement notice(s)
updateinfo summary done

The output above gives a brief summary of the available security, bugfix and enhancement notices. You can obtain the full list with the command yum updateinfo list. Since the list is long, some of the output is omitted below.

   root:redhat.mylab.com in /root
😃  ➤ yum updateinfo list
Loaded plugins: langpacks, product-id, subscription-manager
.......
RHEA-2016:2556 enhancement    ModemManager-1.6.0-2.el7.x86_64
RHBA-2014:0726 bugfix         NetworkManager-1:0.9.9.1-22.git20140326.4dba720.el7_0.x86_64
RHSA-2014:0741 Critical/Sec.  firefox-24.6.0-1.el7_0.x86_64
.......
updateinfo list done

In the output you can see the Red Hat advisory identifiers: RHEA (enhancement), RHBA (bug fix) and RHSA (security). Pass the advisory ID to yum updateinfo, as in the example below, to get detailed information about a particular notice.

   root:redhat.mylab.com in /root
😃  ➤ yum updateinfo RHSA-2014:0741
Loaded plugins: langpacks, product-id, subscription-manager
.......    

===============================================================================
  Critical: firefox security update
===============================================================================
  Update ID : RHSA-2014:0741
    Release : 
       Type : security
     Status : final
     Issued : 2014-06-10 00:00:00
       Bugs : 1107399 - CVE-2014-1533 Mozilla: Miscellaneous memory safety hazards (rv:24.6) (MFSA 2014-48)
	    : 1107421 - CVE-2014-1538 Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49)
	    : 1107424 - CVE-2014-1541 Mozilla: Use-after-free with SMIL Animation Controller (MFSA 2014-52)
       CVEs : CVE-2014-1541
	    : CVE-2014-1533
	    : CVE-2014-1538
Description : Mozilla Firefox is an open source web browser. XULRunner
            : provides the XUL Runtime environment for Mozilla
            : Firefox.
            : 
            : Several flaws were found in the processing of
            : malformed web content. A web page containing
            : malicious content could cause Firefox to crash or,
            : potentially, execute arbitrary code with the
            : privileges of the user running Firefox.
            : (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
            : 
            : Red Hat would like to thank the Mozilla project
            : for reporting these issues. Upstream acknowledges
            : Gary Kwong, Christoph Diehl, Christian Holler,
            : Hannes Verschore, Jan de Mooij, Ryan VanderMeulen,
            : Jeff Walden, Kyle Huey, Abhishek Arya, and Nils as
            : the original reporters of these issues.
            : 
            : For technical details regarding these flaws, refer
            : to the Mozilla security advisories for Firefox
            : 24.6.0 ESR. You can find a link to the Mozilla
            : advisories in the References section of this
            : erratum.
            : 
            : All Firefox users should upgrade to these updated
            : packages, which contain Firefox version 24.6.0
            : ESR, which corrects these issues. After installing
            : the update, Firefox must be restarted for the
            : changes to take effect.
   Severity : Critical
updateinfo info done

For additional information, you can look up the CVE identifiers from the output above on the Common Vulnerabilities and Exposures (CVE) web site.
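Parsing the yum updateinfo list output shown earlier, as an added example that is not part of the original article: the script below counts distinct security advisories per severity, filters them by a minimum severity and lists the packages an advisory covers. It assumes the column layout shown above (advisory id, type or severity, package); the sample lines are constructed and the RHSA-0000:000N ids are placeholders, not real advisories.

```shell
#!/bin/sh
# Added example (not from the article): summarise `yum updateinfo list`
# output by severity, list distinct security advisories at or above a given
# severity, and show which packages an advisory covers. On a live host the
# functions take the output of `yum updateinfo list security 2>/dev/null`
# as their first argument; here a constructed sample in the same format is
# used so the script runs offline. RHSA-2014:0741 is the advisory from the
# article; the RHSA-0000:000N ids and package names are made up.
SAMPLE_LIST='RHEA-2016:2556 enhancement    ModemManager-1.6.0-2.el7.x86_64
RHBA-2014:0726 bugfix         NetworkManager-1:0.9.9.1-22.git20140326.4dba720.el7_0.x86_64
RHSA-2014:0741 Critical/Sec.  firefox-24.6.0-1.el7_0.x86_64
RHSA-2014:0741 Critical/Sec.  firefox-debuginfo-24.6.0-1.el7_0.x86_64
RHSA-0000:0001 Important/Sec. examplelib-1.2-3.el7.x86_64
RHSA-0000:0002 Moderate/Sec.  exampletool-4.5-6.el7.x86_64
RHSA-0000:0002 Moderate/Sec.  exampletool-libs-4.5-6.el7.x86_64
RHSA-0000:0003 Low/Sec.       exampledoc-7.8-9.el7.noarch'

# Number of distinct security advisories of one severity (Critical, Important,
# Moderate or Low). One RHSA usually covers several packages, one line each,
# so lines are de-duplicated on the advisory id to match the summary counts.
count_sec_advisories() {
  printf '%s\n' "$1" | awk -v sev="$2" '
    $2 == (sev "/Sec.") { ids[$1] = 1 }
    END { n = 0; for (i in ids) n++; print n }'
}

# Print "advisory severity" for each distinct security advisory whose
# severity is at least the given one, in the order first seen.
sec_advisories_at_least() {
  printf '%s\n' "$1" | awk -v min="$2" '
    function rank(s) {
      return (s == "Critical") ? 4 : (s == "Important") ? 3 : (s == "Moderate") ? 2 : (s == "Low") ? 1 : 0
    }
    $2 ~ /\/Sec\.$/ {
      sev = $2; sub(/\/Sec\.$/, "", sev)
      if (rank(sev) >= rank(min) && !($1 in seen)) { seen[$1] = 1; print $1, sev }
    }'
}

# Packages (NEVRA) that a given advisory updates, e.g. RHSA-2014:0741.
packages_for() {
  printf '%s\n' "$1" | awk -v id="$2" '$1 == id { print $3 }'
}

# Stand-alone run: show what the sample contains.
for s in Critical Important Moderate Low; do
  echo "$s: $(count_sec_advisories "$SAMPLE_LIST" "$s") advisory(ies)"
done
sec_advisories_at_least "$SAMPLE_LIST" Important
packages_for "$SAMPLE_LIST" RHSA-2014:0741
```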

Contributor:

Ananto Yudi Hendrawan
Network Engineer - CCIE Service Provider #38962, RHCE, VCP6-DCV
nantoyudi@gmail.com