Monday Apr 29, 2013

Updates to errata on ULN and public-yum.oracle.com

The Unbreakable Linux Network (ULN) team have been hard at work updating the errata metadata that is delivered on ULN and public-yum.oracle.com. The changes provide more information about all errata, including security patches, bug fixes and feature enhancements. In addition, security fixes are listed by priority (important, moderate, low). This will allow Oracle Linux customers more flexibility when working with 3rd party Linux management tools like Spacewalk or SUSE Manager.

You can see some of the changes we've implemented using the yum-security plugin that's available as part of Oracle Linux:

 First, install the yum-security plugin: 

 # yum install yum-plugin-security

You can read all about the options available once you have the yum-security plugin installed by reading the man page:

# man yum-security 

Let's take it for a spin. First, let's list all the errata that are available for your system:

# yum updateinfo list
Loaded plugins: rhnplugin, security
ELBA-2012-1399 bug            device-mapper-libs-1.02.74-10.el6_3.2.x86_64
ELEA-2012-1574 enhancement    device-mapper-libs-1.02.74-10.el6_3.3.x86_64
ELSA-2012-1141 Moderate/Sec.  dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
ELSA-2013-0504 Low/Sec.       dhclient-12:4.1.1-34.P1.0.1.el6.x86_64
ELSA-2012-1141 Moderate/Sec.  dhcp-common-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
ELSA-2013-0504 Low/Sec.       dhcp-common-12:4.1.1-34.P1.0.1.el6.x86_64
...

This command lists all the errata that are available for your system by errata ID. It also specifies whether it's a security patch (Moderate/Sec.), bugfix (bug) or feature enhancement (enhancement).  

You could also narrow your search to just the CVEs, i.e. security patches:

# yum updateinfo list cves
CVE-2012-3954 Moderate/Sec.  dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
CVE-2012-3571 Moderate/Sec.  dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
CVE-2012-3955 Low/Sec.       dhclient-12:4.1.1-34.P1.0.1.el6.x86_64 

This provides the CVE ID instead of the errata ID so that you can correlate a published CVE with a particular errata:

# yum updateinfo list --cve CVE-2012-3954
Loaded plugins: rhnplugin, security
ELSA-2012-1141 Moderate/Sec. dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
ELSA-2012-1141 Moderate/Sec. dhcp-common-12:4.1.1-31.P1.0.1.el6_3.1.x86_64

Or see additional information about that particular errata or CVE:

# yum updateinfo info --cve CVE-2012-3954
Loaded plugins: rhnplugin, security
===============================================================================
   dhcp security update
===============================================================================
  Update ID : ELSA-2012-1141
    Release : Oracle Linux 6
       Type : security
     Status : final
     Issued : 2012-08-02
       CVEs : CVE-2012-3954
	    : CVE-2012-3571
Description : [12:4.1.1-31.P1.0.1.el6_3.1]
            : - Added oracle-errwarn-message.patch
            :
            : [12:4.1.1-31.P1.1]
            : - An error in the handling of malformed client
            :   identifiers can cause a denial-of-service
            :   condition in affected servers. (CVE-2012-3571,
            :   #843120)
            : - Memory Leaks Found In ISC DHCP (CVE-2012-3954,
            :   #843120)
   Severity : Moderate
updateinfo info done

For more information on using the yum tool, see the Oracle Linux 6 Administration Guide

Updating Oracle Linux by Errata or CVE

The yum-security plugin also allows you to narrow the yum tool to only update security fixes. Instead of running a generic update command, you can leverage the additional errata metadata and tell yum to only apply security patches:

# yum --security update

Alternatively, you can target a specific errata or CVE:

# yum update --cve CVE-2012-3954 

Or

# yum update --advisory ELSA-2012-1141

3rd-Party Linux management tools

Oracle Enterprise Manager 12c Cloud Control has always been able to extract and display errata information for Oracle Linux.  

Now, tools like Red Hat Satellite, Spacewalk, Katello/Pulp and SUSE Manager are all able to ingest the errata information and provide that information via their UI tools. 

For example, here's a snippet from  Spacewalk showing the Oracle Linux 6 (i386) Latest channel from public-yum.oracle.com:

Spacewalk errata list

If you click on a particular advisory, you can see information for that advisory:

You can also see the packages affected by an advisory:

Stay tuned for a future blog post that goes through how to setup Spacewalk to mirror the public-yum.oracle.com  repositories. 

About

Get the latest updates on strategy, products, events, news, customers, partners and all things Oracle Linux! Connect with Oracle's Linux experts.

Stay Connected

Twitter


Facebook

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
5
6
7
8
9
12
13
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today