How do I apply package updates to my RHEL system?

Updated -

Environment considerations

Red Hat Enterprise Linux starting with versions 6.1 and 5.7 introduced a new Red Hat Subscription Management (RHSM) service. Red Hat Network (RHN) has been decommissioned.

Users that are new to Red Hat or would like the enhanced subscription information and improved content access should use RHSM. If you are still using Red Hat Network, we advise you to migrate to RHSM as soon as possible. Customers using older versions of Red Hat Enterprise Linux must continue using RHN Classic. Refer to FAQ for Changes to Red Hat's Entitlement Platform with RHEL 6.1 and 5.7 and What's the difference between management services provided by Red Hat Network (RHN) Classic and Red Hat Subscription Management (RHSM)? for more information on benefits of RHSM over RHN.

Prerequisites

Registering the system with the Subscription Manager

Graphical interface

Access the Subscription Management GUI client in Red Hat Enterprise Linux 8 via Activities, then select Show Applications and click All. Then select Red Hat Subscription Manager.

In Red Hat Enterprise Linux 7 open Applications -> System Tools -> Red Hat Subscription Manager and in Red Hat Enterprise Linux 6 via System -> Administration -> Red Hat Subscription Manager.

Command line

A system can also be registered via the command line by using the "subscription-manager" command. To register your system either trough the GUI or form the command line follow the instructions in the Using and Configuring Red Hat Subscription Manager guide.

Make sure that your firewall allows configuring RHSM, for more information see How do I access RHSM (yum) through a firewall?.

General information on RHSM can be found in Red Hat Network Subscription Management, while FAQ for Changes to Red Hat's Entitlement Platform with RHEL 6.1 and 5.7 provides a quick overview and a comparison with RHN.

Applying package updates on Red Hat Enterprise Linux 8

Before installing an update, make sure all previously released errata relevant to the system have been applied.

To access updates when using Red Hat Enterprise Linux 8, launch the graphical update tool through Applications -> Show Applications -> All -> Software, or from the command line via the following command:

# gnome-software

Within the graphical interface, select Updates.

For a command line interface, use the following command to update the operating system:

# dnf update

To install a specific package, such as vsftpd, use the following command:

# dnf install vsftpd

To update a specific package, such as bind, use the following command:

# dnf update bind

To find more information about the command line options available for yum, use the following command:

# man dnf

Applying package updates on Red Hat Enterprise Linux 7

Before installing an update, make sure all previously released errata relevant to the system have been applied.

To access updates when using Red Hat Enterprise Linux 7, launch the graphical update tool through Applications -> System Tools -> Software Update, or from the command line via the following command:

# gpk-update-viewer

For a command line interface, use the following command to update the operating system:

# yum update

To install a specific package, such as vsftpd, use the following command:

# yum install vsftpd

To update a specific package, such as bind, use the following command:

# yum update bind

To find more information about the command line options available for yum, use the following command:

# man yum

Applying package updates on Red Hat Enterprise Linux 6

Before installing an update, make sure all previously released errata relevant to the system have been applied.

To access updates when using Red Hat Enterprise Linux 6, launch the graphical update tool through System -> Administration -> Software Update, or from the command line via the following command:

# gpk-update-viewer

For a command line interface, use the following command to update the operating system:

# yum update

To install a specific package, such as vsftpd, use the following command:

# yum install vsftpd

To update a specific package, such as bind, use the following command:

# yum update bind

To find more information about the command line options available for yum, use the following command:

# man yum

Applying package updates on Red Hat Enterprise Linux 5

Before installing an update, make sure all previously released errata relevant to the system have been applied.

To access updates when using Red Hat Enterprise Linux 5, launch the graphical update tool through Applications -> System Tools -> Software Updater, or from the command line via the following command:

# pup

For a command line interface, use the following command to update the operating system:

# yum update

To install a specific package, such as vsftpd, use the following command:

# yum install vsftpd

To update a specific package, such as bind, use the following command:

# yum update bind

To find more information about the command line options available for yum, use the following command:

# man yum

60 Comments

How am I supposed to use any of these methods from a RH5.5 system where the basic network is not working due to the bug https://bugzilla.redhat.com/show_bug.cgi?id=568040 when the system cannot be even pinged or access Internet.

First, a system like REDHAT (5.5) losing its network connectivity right after the installation due to a BUG, is really ridiculouse!!

Secondly, it gives soooo bad new user experience !!!

I started using th RH, but I guess for the last time!!

Hello Sukanta, small world...

Bug #568040 was reported against a pre-release version of RHEL5.5 ("5.5 snap1") and was fixed in kernel 2.6.18-194 which is the kernel version that RHEL5.5 was released with. As such, this issue should not affect a RHEL5.5 installation done using the RHEL5.5 General Availability release ISO images and media.

You may be running into a similar (but distinct) issue. I would recommend testing whether you do have connectivity when booted using a non-Xen kernel. If you do, you can update from there. Alternatively, you can download the current RHEL5.5 errata kernel from the RHN website by hand on another system and transfer it to your RHEL system using a USB flash drive.

Should your connectivity issues persists after you have updated to the current errata kernel, please open a support case with Red Hat Global Support Services.

HTH,

Ray

RHSA-2010:0882-1 is an advisory for Red Hat Enterprise Linux 3 (RHEL3) which is no longer in general support (cf. the Red Hat Enterprise Linux Life Cycle - RHEL3 left general support on October 31, 2010). RHEL3 is currently in the Extended Life Cycle Phase of its life cycle and updates to RHEL3 are only available to customers who hold an Extended Life Cycle Support (ELS) subscription; they are avaialble from separate RHEL3 ELS channels in RHN. You may want to contact your sales representative for more information on the ELS offering.

do you know where can i download

https://rhn\,redhat\,com/errata/RHSA\-2010\-0882\,html

i cant find the kernel in the rhn\,

Thanks

I presume the instructions for RHEL5 in this entry also apply to RHEL6, true?  Please update all other such KB entries with info for RHEL6, thanks.

Best,

CB for ML

The security team is working to update the article.

Thanks,

David

There's no pup in RHEL 6, nor is the Software Updater located in the described menu. It's under System -> Administration, it's labeled Sofware Update (note the missing 'r'), and if the administrator wants to run it from the command line, they should enter gpk-update-viewer.

The last redhat RHEL5 kernel source package only supply the big kernel patch file, our project need to get some important CVE kernel patches(not all) to ourself kernel. How should we get previous every individual patches? Not a big patch file.

Hi if i dont have internet to to update in the system.
where i should donload and how can i update....?

I am assuming that on my 5.8 system that I just install the latest rhn-upgrade package, read the README and go from there. Is there any reason to save a copy of the files from my last rhn-upgrade in the /etc/sysconfig/rhn/satellite-upgrade directory before installing the latest rhn-upgrade package?

Thanks
Tom

When this patch will be available for download on access.redhat.com under "Software Downloads" -> "Web Server 2.0" -> "Security Advisories"?

Hello,
I'm new with Linux and wondering if you could let me know the best way to understand the reason why certain
packages do not get installed even if it was flagged as a fix for a vulnerability. Example is the vulnerability message that saya "Red Hat Enterprise Linux RHSA-2012-1445 Update Is Not Installed". However,when applied we get the message Advisory "RHSA-2012:1445" not found applicable for this system . On further investigation, we found that this advisory refers to the kernel version 2.6.18-308. We are now running 2.6.18-348 on our servers. We take this to be a false positive. Question is if it is safe to assume that after applying the fix and getting the "not found applicable" message, that these are all false positives? If they are really false positives, how do we get rid of these messages from appearing in the scans?
Thank you

Hi elmerv,

You might also like to try asking this question over in the Getting Started discussion group here on the portal: https://access.redhat.com/groups/getting-started-red-hat-products

Hello,

Please could you help me.

I am looking for xfsprogs-2.10.2-8.el5.x86_64.rpm or any other xfsprogs for rhel5.8, but I cannot find it on rhn portal.
How I can get it?
thanks

Shahzad,

You need to subscribe to the 'RHEL Scalable File System' channel. The xfsprogs package you referred to is detailed here.

Hello Akemi,

I couldnt find it, it said that the package doesn't exist. Have you any other clue?
Thanks

I am having problem solving bug 693518. when i enter yum update it lists down the packages it wants to update and then gives me this message

"
--> Processing Conflict: resource-agents-3.9.2-40.el6.i686 conflicts rgmanager < 3.0.12.1
--> Finished Dependency Resolution
Error: resource-agents conflicts with rgmanager
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
"

So to resolve this problem all i need to do is run software update from system tab or are there any additional steps ?

Disregard, I misread thinking I needed pup for RHEL 6. Ill try gpk-update-viewer

please provide the direct link to download latest OpenSSL rpm.

Our servers can't connect to Internet directly.

thanks

to download latest (OpenSSL?) packages log in to http://www.redhat.com/ and download them.

Question:
"all previously released errata relevant to the system have been applied" - this line suggests that updates (e.g yum updates) don't roll up and include the ERRATA fixes.

I've always encountered some confusion on whether you had to apply both the ERRATA notifications and yum updates. I was under the impression yum updates would be sufficient albeit some errata fixes my take time to be included in the channel.

we are already running RHEL 5.10 (x64) with this kernel "2.6.18-371.8.1.el5".
when I ran "yum update", nothing to update, any ideas?

Hi,

How can I just download that particular package?

my boxes are not on the internet, how can I download just the patch for this?

Hi, I have received an Errata (https://rhn.redhat.com/errata/RHSA-2014-1392.html) related to important kernel update. Our RHEL6 Linux Infra is currently running on kernel-2.6.32-431.3.1.el6.x86_64, is it OK to directly apply the patching to kernel-2.6.32-504.el6.x86_64? Hoping for favorable response. Thanks.

i am have problem with upgrade php and mysql, becouse my have redhat version 6.4 64bit and default versin php 5.3 and mysql version 5.1 i want upgrade to php version 5.5 and mysql version 5.5, you can help me.
tks

I tried to download some package from this patch CVE-2014-7187 , but I could not because I did not find the download like befoe

can you tell me how I can download it?

How can I check if my system is already safe for a specifc vulnerabilty.
e.g.: How can I check if the httpd installed in my system is safe for the CVE-2014-0226?

if system is not register to RHN, how to get libc update for CVE-2015-0235, any link to download?

You will need a Red Hat account to download the package manually.

I have a RedHat account and I can not find how to download. All of my systems are behind a firewall and do not have access to RedHat. I need to download to my PC and move into the Yum server I have. Where do I get this update?

Richard,

From your PC, log in to your Red Hat account here. Click on the "DOWNLOADS" link (at the very top of the page). Select and click your product (Red Hat Enterprise Linux). Then go to the "Packages" tab. Be sure to select the right version (6, 7, etc). In the Filter box enter the name of the package you are looking for. You can download the package(s) from there.

Hi - Do you guys know the location to download the 2.18 glibc package? I am seeing only 2.12 in the search for packages. If any of you know where to download please let me know.

Red Hat follows a backporting policy, rather than releasing the newest version. Read about our backporting policy here:

Backporting Security Fixes
https://access.redhat.com/site/security/updates/backporting/

Hi - Our systems are NOT connected to the RH Classic network or satellite server due to the IP policy, Is there any location that I can download the packages for 2.18?

As Matt noted, the current version (2.12) contains all the security fixes available to date. You should not be fooled by the version number.

Regarding obtaining the packages manually, you need to find a machine from which you can connect to Red Hat's portal site. I have given the instructions earlier on how to find the package(s) of your interest.

as per GHOST glib security vulnerability, RH wants us to stay on 2.18 that misleads the customers. If the current version that we need to be 2.12. We need to ask RH to update the security vulnerability version number,

Hi ,

My environment is

Red Hat Enterprise Linux AS release 4 (Nahant Update 8)
Linux esbrt01 2.6.9-89.ELsmp #1 SMP Mon Apr 20 10:33:05 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

And I have upgraded the glibc packages by downloading it from redhat portal (https://access.redhat.com/downloads/content/69/ver=/rhel---4/4.8/x86_64/packages).

After up-gradation , the package list are

glibc-devel-2.3.4-2.57.i386
glibc-common-2.3.4-2.57.x86_64
glibc-headers-2.3.4-2.57.x86_64
glibc-2.3.4-2.57.i686
glibc-kernheaders-2.4-9.1.103.EL.x86_64
glibc-devel-2.3.4-2.57.x86_64
glibc-utils-2.3.4-2.57.x86_64
glibc-profile-2.3.4-2.57.x86_64
glibc-2.3.4-2.57.x86_64

But still the Ghost script showing vulnerability error for glibc.

Installed glibc version(s)
- glibc-2.3.4-2.57.x86_64: vulnerable
- glibc-2.3.4-2.57.i686: vulnerable

This system is vulnerable to CVE-2015-0235. <https://access.redhat.com/security/
Please refer to https://access.redhat.com/articles/1332213 for remediation ste

Kindly suggest us.

Hi Vinayak,

You need to select the 'Red Hat Enterprise Linux 4 ES - Extended Life Cycle Support' product variant. Thus, the URL is https://access.redhat.com/downloads/content/204/ver=/rhel---4/4.8/x86_64/packages and the NVR to took for is glibc-2.3.4-2.57.el4.2.

Radek

Hi Radek,

The given NVR is not available with extended life cycle support , the available latest package version is "glibc-2.3.4-2.43.el4_8.6.x86_64.rpm".

Package glibc-2.3.4-2.43.el4_8.6 was shipped for RHEL-4.8.z more than four years ago. You should now be running RHEL 4.9 + be entitled to use the ELS offering. If you can't, please contact Red Hat Support.

Manually selecting updates

  1. Click "Apply Errata" at the bottom right of the page.
    (I typed a number 6 above, but your page changes it to a 1, because its stupid enough to think it knows better)

There is NOTHING there called that. I need the RHSA security update and I just keep going round it circles, why have you made this all so hard to do.

INCLUDE a god damn download button.

MySQL updates don't appear to happen like this, or at least they don't appear to keep up. On a RHEL 5.5 system we have:

yum list available mysql

Loaded plugins: rhnplugin, security
This system is receiving updates from RHN Classic or RHN Satellite.
Available Packages
mysql.i386 5.0.95-5.el5_9 rhel-x86_64-server-5
mysql.x86_64 5.0.95-5.el5_9 rhel-x86_64-server-5

I just ran the Software Updater this week, but BeyondTrust Retina (eEye network scanner) says this system lacks:

MySQL - Critical Patch Update October 2014 - Remote
Oracle MySQL - Critical Patch Update January 2015 - Remote
MySQL - Critical Patch Update July 2014 - Remote
MySQL Multiple Vulnerabilities (20140915) - Remote

For the first three , the appropriate cumulative update is recommended. For the last, upgrade to MySQL 5.6.20, 5.5.39 or later is recommended.

How is this supposed to go with MySQL?

I have download the glibc-2.5-123.el5_11.1.x86_64 .rpm. How upgradde it by manual?

rpm -U glibc-2.5-123.el5_11.1.x86_64 .rpm or rpm -i glibc-2.5-123.el5_11.1.x86_64 .rpm

how do i "Manually selecting updates from the Red Hat Network" on RHSM as we do with RHN Classic?

Is it possible to update from RHEL 6.2 to RHEL 6.5? I have RHEL 6.6 is also available but I don't want to update to RHEL 6.6.

Yes, you can update to 6.5 Extended Update Support. A few useful links:

https://access.redhat.com/articles/rhel-eus
https://access.redhat.com/support/policy/updates/errata/

This article is supposed to provide specific details regarding how to apply bugfix updates to resolve RHBA-2015:1656-1. Instead, it describes rather general procedures to register systems with RHN, and apply package updates to various RHEL releases. I am looking for specific procedures to apply the recommended bugfix maintenance to RHN Satellite v5.7.

How do I go about updating systems that are not networked and cannot be connected to a network? Does the system have a registration key or certificate that can be installed manually to allow for patching offline? Or is this not necessary if I download the patches manually?

I tried to install the sapconf package but yum returns: the package does not exist . Can you help me?

The sapconf package should be available. Are you sure your system is registered and the base RHEL repo is enabled?

i want to upgrade kernel offline in rhel5.7. Please provide me direct links(Packages or kernel) to over come dirty cow vulnerability in rhel5.7.

You people need to add a section that tells how to apply a bug fix to an offline system. I have many systems that cannot connect to the internet and nowhere in your instructions does it tell how to do this.

You might consider the following solutions:

I was directed here from an updated container package... which I don't install with yum and stuff... this page is useless for container erratas!

I wish to install patches to the RHEL 6.9 server so that I can install the Symantec SEP 14. Please help to provide the exact patches to download. Please help to provide steps procedure to install the patches to the RHEL 6.9 server.

Thanks. Aaron

The RHEL-8 errata https://access.redhat.com/errata/RHSA-2019:3736 points to this page, but no mention is made here about applying updates to RHEL-8.

Pages