Red Hat patching


Hi
I have Red Hat 7.3 with KVM on top. When I updated the system, I used only this command:
yum --releasever=7.3 update

After some scanning for vulnerabilities, it was obvious there are a lot of missing updates.

Now let's assume I still want to be tied to 7.3 and not cause any compatibility issues with applications running on KVM.

Are the commands below going to mess things up versus releasever=7.3?
gpk-update-viewer
yum update or yum update all
yum install vsftpd
yum update bind

How can I patch to the latest without affecting the targeted version 7.3? Thanks.

Responses

Hi AL,

If you didn't change the default settings of the .repo files in /etc/yum.repos.d ... it's quite easy to achieve what you want. :)
Execute sudo yum --releasever=7.3 update for what shall be updated to the latest stable RHEL 7.3 package versions.
Execute sudo yum upgrade <package> for what shall specifically be upgraded to the latest stable RHEL 7.5 package version.

Regards,
Christian

Hello Christian, thank you. So if I understand you correctly, I need to perform: sudo yum --releasever=7.3 update, and if there are required packages to be updated, then they have to be manually upgraded one by one (by specific name)?

One more question, if you don't mind: I have seen some requests like:
Please install a server certificate signed by a trusted third-party Certificate Authority
Please install a server certificate whose Subject commonName or subjectAltName matches the server FQDN
Please install a server certificate with correct usage
etc.

Is there any guide you could point me to for these concerns? Thanks again.

Hi AL,

Besides the fact that I recommend always using the latest stable release of any operating system ... when you want to stick with the release version 7.3 generally and add the --releasever=7.3 option, then you don't get the latest stable updates from the 7.5 branch. It means that you have to upgrade every single package which you want to get upgraded to the 7.5 release manually without this option, which on the other hand may lead to dependency issues. The other way around: Using yum update without the option means that you upgrade the system and all packages to RHEL 7.5. Using yum update with the --releasever=7.3 option updates to the latest 7.3 package versions.

Again, I don't recommend upgrading single packages - better use the latest stable system release. This is the best option to always have a stable system in a secure state and to avoid vulnerabilities. Hope I could explain it well enough. :) Regarding your question about the certificates, I can't give you reliable advice on that, simply because I don't have enough information. Just search the Red Hat Knowledgebase for matching articles or open a new thread and provide sufficient information.

Regards,
Christian

Thank you so much Christian. That was helpful :)

You're welcome, AL! :) I'm glad that the explanation was useful for you.

Regards,
Christian

If you install packages from a newer RHEL you're essentially changing your minor version without updating the redhat-release package. You only have one option to stay on a minor release and get security updates: EUS/E4S/... channels -> Red Hat offers extended support for certain minor releases and certain use-cases (usually means extra licenses). Best way is to just update to the latest minor release :)
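
The drift described in the last reply, where packages from a newer minor release land on a host that still reports 7.3, can be audited from the RPM release strings. This is an added example, not part of the thread: it assumes z-stream builds carry `.el7_<minor>` in their release field, `find_minor_drift` is a hypothetical helper name, and the package inventory is constructed sample data.

```shell
#!/usr/bin/env bash
# Added example: report installed packages whose dist tag shows a z-stream
# build for a RHEL 7 minor release newer than the one the host is pinned to.
# Assumption: z-stream builds carry ".el7_<minor>" in RELEASE. Packages tagged
# plain ".el7" cannot be attributed to a minor release this way and are skipped.

# find_minor_drift PINNED_MINOR
# stdin:  lines of "NAME VERSION-RELEASE", e.g. produced by
#         rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# stdout: "NAME VERSION-RELEASE built-for=7.<minor>" for each drifted package
find_minor_drift() {
    awk -v pinned="$1" '
        NF >= 2 && match($2, /\.el7_[0-9]+/) {
            # RSTART points at ".el7_" (5 chars); the minor number follows it
            minor = substr($2, RSTART + 5, RLENGTH - 5) + 0
            if (minor > pinned + 0)
                printf "%s %s built-for=7.%d\n", $1, $2, minor
        }'
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
kernel 3.10.0-514.26.2.el7
openssl-libs 1.0.1e-60.el7_3.1
bind 9.9.4-61.el7_5.1
vsftpd 3.0.2-22.el7
glibc 2.17-157.el7_3.5
bind-libs 9.9.4-61.el7_5.1
EOF
}

# Demo on the sample; on a real host pipe the rpm query in instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | find_minor_drift 3
sample_inventory | find_minor_drift 3
```

An empty result does not prove the host is purely 7.3, since packages tagged only `.el7` are not classified by this check.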
