Installing Security Updates in Linux RHEL 8/RHEL 9

How to patch RHEL 8 Linux

by Jay

Keeping your system up-to-date with the latest security patches is essential to ensure the safety and integrity of your Linux environment. In this guide, we’ll explore how to check for security updates, find Common Vulnerabilities and Exposures (CVEs), and install security updates using DNF (Dandified YUM) and RPM (Red Hat Package Manager).

security updates Linux RHEL 8 RHEL9

1. Checking for Security Updates with DNF

DNF provides a convenient way to check for security updates across all installed packages. To list available security updates, use the following command:

# dnf updateinfo list security

This command will list all available security updates, showing the associated advisory and package details. It helps you identify which packages have security patches available.

2. Viewing Detailed Security Update Information

To get detailed information about a specific security advisory, including the CVE identifiers associated with it, use the following command:

# dnf changelog --upgrades package-name

For example, to get detailed information about security updates for the “openssl” package, you’d use:

# dnf changelog --upgrades openssl

This command provides more in-depth information about the security advisory and its impact on the specified package.

3. Finding CVE (Common Vulnerabilities and Exposures)

  • Finding CVE via National Vulnerability Database (NVD)

If you want to find detailed information about a specific security vulnerability using its CVE identifier, you can use the National Vulnerability Database (NVD) website or other security databases. Typically, you won’t find this directly through DNF or RPM commands. For example, you can visit the NVD website at https://nvd.nist.gov/ and search for the CVE using their search interface.

  • Red Hat Errata

Red Hat provides official errata, which are documents containing information about security vulnerabilities, bug fixes, and enhancements. To access Red Hat’s errata online, visit their website at https://access.redhat.com/errata/. Here, you can search for specific advisories using keywords or CVE identifiers.

4. Identifying CVEs in Installed Packages

If you want to identify CVEs associated with installed packages on your system, you can use the following command:

# rpm -qa --changelog | grep CVE

OR

rpm -q --changelog package-name | grep CVE

This command will search the package changelogs for references to CVE identifiers. It’s useful to quickly identify CVEs in your installed packages.

5. Installing Security Updates with DNF

Once you’ve identified the security updates you want to install (either through checking with DNF or other sources), you can proceed with updating your system. To install all available security updates, use the following command:

# sudo dnf update --security

This command will update all packages with available security updates, ensuring that your system is protected against known vulnerabilities.

To install a application available security updates, use the following command:

# sudo dnf update --security openssl

Example:

[root@TechArticles:~]# dnf update --security openssl
Last metadata expiration check: 0:05:08 ago on Mon Aug 14 19:55:09 2023.
Dependencies resolved.
=======================================================================================================================
 Package                       Architecture            Version                           Repository               Size
=======================================================================================================================
Upgrading:
 openssl                       x86_64                  1:3.0.7-17.el9_2                  baseos                  1.2 M
 openssl-libs                  x86_64                  1:3.0.7-17.el9_2                  baseos                  2.1 M

Transaction Summary
=======================================================================================================================
Upgrade  2 Packages

Total download size: 3.3 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): openssl-3.0.7-17.el9_2.x86_64.rpm                                                50 kB/s | 1.2 MB     00:23
(2/2): openssl-libs-3.0.7-17.el9_2.x86_64.rpm                                           58 kB/s | 2.1 MB     00:37
-----------------------------------------------------------------------------------------------------------------------
Total                                                                                   86 kB/s | 3.3 MB     00:39
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                               1/1
  Upgrading        : openssl-libs-1:3.0.7-17.el9_2.x86_64                                                          1/4
  Upgrading        : openssl-1:3.0.7-17.el9_2.x86_64                                                               2/4
  Cleanup          : openssl-1:3.0.1-43.el9_0.x86_64                                                               3/4
  Cleanup          : openssl-libs-1:3.0.1-43.el9_0.x86_64                                                          4/4
  Running scriptlet: openssl-libs-1:3.0.1-43.el9_0.x86_64                                                          4/4
  Verifying        : openssl-1:3.0.7-17.el9_2.x86_64                                                               1/4
  Verifying        : openssl-1:3.0.1-43.el9_0.x86_64                                                               2/4
  Verifying        : openssl-libs-1:3.0.7-17.el9_2.x86_64                                                          3/4
  Verifying        : openssl-libs-1:3.0.1-43.el9_0.x86_64                                                          4/4

Upgraded:
  openssl-1:3.0.7-17.el9_2.x86_64                         openssl-libs-1:3.0.7-17.el9_2.x86_64

Complete!

This command will update only openssl with available security updates, ensuring that your system is protected against known vulnerabilities.

6. Installing Security Updates with RPM

If you need to install a specific RPM package that provides a security fix, you can do this directly using the RPM command. First, download the updated RPM package from a trusted source (such as the official repository or the package maintainer’s website). Then, use the following command to install the RPM:

# sudo rpm -Uvh package.rpm

Replace “package.rpm” with the actual filename of the downloaded RPM package. This command will upgrade the package if it’s already installed or install it if it’s not present on the system.

Conclusion

Regularly checking for security updates, being aware of CVEs, and promptly installing security patches are crucial steps in maintaining a secure Linux system. By using DNF and RPM, you have powerful tools at your disposal to keep your system protected from known vulnerabilities.

==================================================================================
Was this article of use to you? Post your insightful thoughts or recommendations in the comments section if you don’t find this article to be helpful or if you see any outdated information, a problem, or a typo to help this article better.
==================================================================================

Related Posts

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.