I have been searching around in the net and in StackExchange as well, and found out yum-plugin-security
although can be installed but it is actually not functioning for Centos-base repositories, back to 2013 and 2014. Referring to this and this.
I have tested again myself with my Centos 6.6 and found out as in 2016 now, yum-plugin-security
is still not functioning. This can be tested using the latest most heat issue of the DROWN attack of openssl.
First get the version of openssl installed:
4977-20[13:59:19 root@lye-vm ~]# rpm -qa openssl
openssl-1.0.1e-30.el6_6.5.x86_64
Then find any updates available for openssl:
4978-21[14:09:37 root@lye-vm ~]# yum list updates openssl*
Loaded plugins: security
Updated Packages
openssl.x86_64 1.0.1e-42.el6_7.4 updates
Ok, so there is one. Then find it with yum-plugin-security
tools updateinfo
:
4979-22[14:09:42 root@lye-vm ~]# yum updateinfo list security
Loaded plugins: security
updateinfo list done
4980-23[14:09:46 root@lye-vm ~]#
So there is none shown by 'updateinfo'. (If using yum --security check-update
it will list out all updates available, which is not functioning so well).
I wish to know is it true there is NO WAY we can get the Security Updates by using yum
commands ? or there is a way and I did something wrong ?
My purpose is to only update Centos with security related updates. At the moment what I can do is manually subscribe to Centos-announce mailing list and look for those thread with keyword Security Update, such as this for the openssl DROWN attack.