Update security

Hello everyone,

When i am using this :

yum updateinfo summary

i see the output showing security alerts available

3 security alert
1 Alerte de sécurité important(s)

But when i try to do update of security this way :

dnf upgrade --security

yum update --security

there’s nothing to do, to apply. i am running Alma 9.0, anyone have an idea ? am i missing something ? Thanks !

everyone have an idea why i can have a difference with :

yum updateinfo summary

and

yum update --security

Thanks

man dnf writes:

Command: updateinfo
Aliases: upif
Deprecated aliases: list-updateinfo, list-security, list-sec, info-updateinfo, info-security, info-sec, summary-updateinfo

dnf [options] updateinfo [--summary|--list|--info] [<availability>] [<spec>...]

Display information about update advisories.

Depending on the output type, DNF displays just counts of advisory types (omitted or –summary), list of advisories (–list) or detailed information (–info). The -v option extends the output.

And for “update”:

Command: upgrade
Aliases: up
Deprecated aliases: update, upgrade-to, update-to, localupdate

dnf [options] upgrade

Updates each package to the latest version that is both available and resolvable.

Where [options] can include:

   --security

Includes packages that provide a fix for a security issue. Applicable for the upgrade command.

So, ‘updateinfo’ queries database, but ‘update’ actually attempts to install packages. There are subtle differences, mostly in dependency resolution – the actual install tends to fail since queries do not test everything about transactions.

On one of my Alma 8 setups that has packages available that are flagged “security”, the

dnf up --security

Fails with “conflicting packages”, but the more inclusive dnf up runs fine.

Overall, it is (IMHO) bad practice to “cherry-pick” just some subset of packages for update.

Do run:

dnf --enablerepo=* clean all

and then

dnf up

Thanks for your help.
What i really don’t understand is that

yum updateinfo summary → give me one list of security items to apply
dnf up --security → do nothing, nothing to apply

dnf --enablerepo=* clean all

48 fichiers supprimés
dnf up --security
AlmaLinux 8 - BaseOS                                                                                                                                                        5.6 MB/s | 5.8 MB     00:01
AlmaLinux 8 - AppStream                                                                                                                                                     6.7 MB/s |  10 MB     00:01
AlmaLinux 8 - Extras                                                                                                                                                         35 kB/s |  18 kB     00:00
Extra Packages for Enterprise Linux 8 - x86_64                                                                                                                              8.6 MB/s |  13 MB     00:01
Extra Packages for Enterprise Linux Modular 8 - x86_64                                                                                                                      956 kB/s | 857 kB     00:00

dnf updateinfo list security

Dernière vérification de l’expiration des métadonnées effectuée il y a 0:00:15 le lun. 22 août 2022 11:41:59 CEST.
ALSA-2022:5316 Sécurité/Niveau important kernel-4.18.0-372.13.1.el8_6.x86_64
ALSA-2022:5564 Sécurité/Niveau important kernel-4.18.0-372.16.1.el8_6.x86_64
ALSA-2022:5819 Sécurité/Niveau important kernel-4.18.0-372.19.1.el8_6.x86_64
ALSA-2022:1988 Sécurité/Niveau important kernel-4.18.0-372.9.1.el8.x86_64
ALSA-2022:5316 Sécurité/Niveau important kernel-core-4.18.0-372.13.1.el8_6.x86_64
ALSA-2022:5564 Sécurité/Niveau important kernel-core-4.18.0-372.16.1.el8_6.x86_64
ALSA-2022:5819 Sécurité/Niveau important kernel-core-4.18.0-372.19.1.el8_6.x86_64
ALSA-2022:1988 Sécurité/Niveau important kernel-core-4.18.0-372.9.1.el8.x86_64
ALSA-2022:5316 Sécurité/Niveau important kernel-devel-4.18.0-372.13.1.el8_6.x86_64
ALSA-2022:5564 Sécurité/Niveau important kernel-devel-4.18.0-372.16.1.el8_6.x86_64
ALSA-2022:5819 Sécurité/Niveau important kernel-devel-4.18.0-372.19.1.el8_6.x86_64
ALSA-2022:1988 Sécurité/Niveau important kernel-devel-4.18.0-372.9.1.el8.x86_64
ALSA-2022:5316 Sécurité/Niveau important kernel-modules-4.18.0-372.13.1.el8_6.x86_64
ALSA-2022:5564 Sécurité/Niveau important kernel-modules-4.18.0-372.16.1.el8_6.x86_64
ALSA-2022:5819 Sécurité/Niveau important kernel-modules-4.18.0-372.19.1.el8_6.x86_64
ALSA-2022:1988 Sécurité/Niveau important kernel-modules-4.18.0-372.9.1.el8.x86_64

yum updateinfo summary

Dernière vérification de l’expiration des métadonnées effectuée il y a 0:00:40 le lun. 22 août 2022 11:41:59 CEST.
Résumé des informations de mise à jour : disponible
      1 Avis de nouveaux paquets
      4 Alerte de sécurité
          4 Alerte de sécurité important(s)
    161 Alerte de correction d’anomalie
     17 Alerte d’amélioration
      2 autre(s) alertes)
Security: kernel-core-4.18.0-372.19.1.el8_6.x86_64 is an installed security update
Security: kernel-core-4.18.0-305.12.1.el8_4.x86_64 is the currently running version

Is it because you can have multiple versions of the kernel package installed at the same time?

you still have vulnerable kernel 4.18.0-305.12.1.el8_4.x86_64 → there are updated packages available → yum updateinfo shows you something

but you already have the updated package installed → yum update does nothing

yum updateinfo summary

is the same as

yum updateinfo summary --available

from the manpage dnf(1):

Note, that --available tooks only the latest installed versions of packages into account. In case of the kernel packages (when multiple version could be installed simultaneously) also packages of the currently running version of kernel are added.

Many thanks Jeremy, i got it now ! indeed i always keep 3 versions

rpm -qa | grep kernel | sort
kernel-4.18.0-305.12.1.el8_4.x86_64
kernel-4.18.0-372.16.1.el8_6.x86_64
kernel-4.18.0-372.19.1.el8_6.x86_64