CentOS&RHEL yum 只更新安全补丁操作的方法

Linux 系统直接升级整个系统版本可能会带来诸多不可预料的问题,为了尽可能的保证系统稳定的同时保证系统安全,系统管理员可以只更新安全补丁

步骤一:更新全部安全补丁
1.1 安装 yum-security 插件
# yum install yum-security
Loaded plugins: rhnplugin, security
RHSA-2009:1148-1 security httpd-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security httpd-devel-2.2.3-22.el5_3.2.i386
RHSA-2009:1148-1 security httpd-manual-2.2.3-22.el5_3.2.x86_64
RHSA-2009:1148-1 security mod_ssl-1:2.2.3-22.el5_3.2.x86_64
list-security done

1.2 :列出安全相关的系统更新
# yum --security check-update

1.3 :批量安装所有的安全更新
# yum update --security

步骤二:列出补丁的详细信息和建议清单
2.1 安装 bugzillas
# yum list-security bugzillas

2.2:查看某一个补丁的详细信息
# yum info-security RHSA-2009:1148-1
Loaded plugins: rhnplugin, security

===============================================================================
  RHSA-2009:1148
===============================================================================
  Update ID : RHSA-2009:1148-1
    Release :
       Type : security
     Status : final
     Issued : 2009-07-08 23:00:00
       Bugs : 509125 - None
            : 509375 - None
       CVEs : CVE-2009-1890
            : CVE-2009-1891
Description : Important: httpd security update  \The Apache HTTP Server is a
            : popular Web server.  A denial of service flaw was
            : found in the Apache mod_proxy module when it was
            : used as a reverse proxy. A remote attacker could
            : use this flaw to force a proxy process to consume
            : large amounts of CPU time. (CVE-2009-1890)  A
            : denial of service flaw was found in the Apache
            : mod_deflate module. This module continued to
            : compress large files until compression was
            : complete, even if the network connection that
            : requested the content was closed before
            : compression completed. This would cause
            : mod_deflate to consume large amounts of CPU if
            : mod_deflate was enabled for a large file.
            : (CVE-2009-1891)  All httpd users should upgrade to
            : these updated packages, which contain backported
            : patches to correct these issues. After installing
            : the updated packages, the httpd daemon must be
            : restarted for the update to take effect.
      Files : mod_ssl-2.2.3-22.el5_3.2.x86_64.rpm
            : httpd-devel-2.2.3-22.el5_3.2.i386.rpm
            : httpd-2.2.3-22.el5_3.2.x86_64.rpm
            : httpd-devel-2.2.3-22.el5_3.2.x86_64.rpm
            : httpd-manual-2.2.3-22.el5_3.2.x86_64.rpm
            : mod_ssl-2.2.3-22.el5_3.2.i386.rpm
            : httpd-2.2.3-22.el5_3.2.i386.rpm
            : httpd-manual-2.2.3-22.el5_3.2.i386.rpm
info-security done


2.3 列出某一个补丁的信息和另一个补丁的建议清单
# yum --bz 3595 --cve CVE-2009-1890 --advisory RHSA-2009:1148-1 info updates