On 03/01/2016 09:17 PM, Peter wrote:
On 02/03/16 15:57, Anthony K wrote:
This command output is odd:
yum update --security ... No packages needed for security; 118 packages available
...
Why does yum not consider this CESA a security update?
Cherry-picking updates is not supported by CentOS, this is because each package is built on a system with all previous updates applied and as such each update that you install should have all previous updates applied or there can be problems.
As such CentOS does not support the --security option for yum, nor does it support the yum-security plugin. You are expected to update your entire system, not to do so will leave you with an unsupported system. Also there will be other packages as well that have security issues that need updating.
RHEL does not support only security updates either .. they do have things like AUS / EAS .. but those things require all updates to be installed, not just all security updates.
If you look at this update:
https://access.redhat.com/errata/RHSA-2016:0303
Look in the *Solution* section:
"Before applying this update, make sure all previously released errata relevant to your system have been applied."
That does not say all security errata .. it says all errata. The same thing is on every Red Hat errata page. They expect that you are running whatever is an updated system. If you are running AUS or EUS, they still expect you to do all updates for that repo, not just security updates.
BUt the security plugins do not work for CentOS and they never have, Peter is correct, you need to run yum update or call out the specific packages you want updated.
You can look at the announce list to figure out which ones are SA or BA or EA .. but you want all of them, as they go together.