How to apply only security updates on CentOS?

By Posted on

Problem :

Ive tried what this article describes: 

yum install yum-security

Next step is

yum list-security

but the result of this is:

Loading mirror speeds from cached hostfile
* base: mirror.anl.gov
* epel: mirrors.liquidweb.com
* extras: mirror.wiredtree.com
* updates: centos.mirrors.tds.net
* webtatic: us-east.repo.webtatic.com
Killed

Any idea why it gets killed? I don’t care how if there is another way to do it I’m fine with that as well.

The system version is this

2.6.32-042stab088.4 #1 SMP Sat Jun 21 00:15:09 MSK 2014 x86_64 x86_64 x86_64 GNU/Linux

Edit:

Running yum clean all and then trying it again didn’t help:

[root@foobar  burzum]# yum clean all
Loaded plugins: fastestmirror, security
Cleaning repos: atrpms base epel extras nginx updates vz-base vz-updates webtatic
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@florian-kraemer burzum]# yum list-security
Loaded plugins: fastestmirror, security
Determining fastest mirrors
epel/metalink                                                  |  14 kB     00:00
 * base: centos.corenetworks.net
 * epel: mirrors.liquidweb.com
 * extras: mirror.wiredtree.com
 * updates: centos.mirrors.tds.net
 * webtatic: us-east.repo.webtatic.com
atrpms                                                         | 3.0 kB     00:00
atrpms/primary_db                                              | 1.7 MB     00:01
base                                                           | 3.7 kB     00:00
base/primary_db                                                | 4.6 MB     00:02
epel                                                           | 4.4 kB     00:00
epel/primary_db                                                | 6.3 MB     00:03
extras                                                         | 3.3 kB     00:00
extras/primary_db                                              |  19 kB     00:00
nginx                                                          | 2.9 kB     00:00
nginx/primary_db                                               |  34 kB     00:00
updates                                                        | 3.4 kB     00:00
updates/primary_db                                             | 156 kB     00:00
vz-base                                                        |  951 B     00:00
vz-base/primary                                                | 1.3 kB     00:00
vz-base                                                                           3/3
vz-updates                                                     |  951 B     00:00
vz-updates/primary                                             | 2.2 kB     00:00
vz-updates                                                                        8/8
webtatic                                                       | 3.6 kB     00:00
webtatic/primary_db                                            | 167 kB     00:00
epel/updateinfo                                                | 858 kB     00:00
Killed
[root@foobar burzum]#

Solution :

Late answer, but this is typically due to memory exhaustion. The security plugin seems to use extra memory.

Good luck implementing articles from 2009. CentOS 6/7 doesn’t supply “security” categories inside package metadata (unlike RHEL), so nevermind what yum plugin magic you use, it won’t do.

The best practice is to update all, and in my practice the complete updates are still conservative enough so that problems are very rare.

Working solution: Centos Security updates only

sudo yum install yum-plugin-changelog pcre-devel python-pip
mkdir /var/lib/centos-package-cron
pip install centos_package_cron

centos-package-cron --output stdout --forceold | pcregrep -M 'Packages:[^:]*' | grep -o "[^* ]*" | grep -v 'Packages:' | grep -v 'References' | sort | uniq | xargs yum -y update

You need to install the plugin called yum-plugin-security. The commands give you the security information.

yum -y install yum-plugin-security

Leave a Reply

Your email address will not be published. Required fields are marked *