How annoying. You could hack it up after installing yum-changelog with 'yum changelog 1 <package> | grep CVE' I guess. Not pretty.
On Mon, Oct 10, 2011 at 2:36 PM, Jo Rhett <[email protected]> wrote: > yum-security doesn't work with CentOS. > > On Oct 10, 2011, at 1:18 PM, Aaron Grewell wrote: > > AFAIK there's no native way. I would do this with a set of defines wrapped > around the yum-security package (which allows you to list and operate on > security updates only). > > On Mon, Oct 10, 2011 at 12:22 PM, Jo Rhett <[email protected]>wrote: > >> Am I overlooking a native way to update vulnerable packages only if they >> are already installed? There's no option to set a package to 'latest' only >> if installed. OnlyIf and Unless don't operate on package resources. >> (Yum/CentOS but I imagine the issue is the same for all platforms) >> >> No, running a "yum upgrade all" is not plausible. Maintaining a list of >> packages which should be upgraded is plausible and expected. >> >> The obvious thing seems to be creatinga ruby fact that loads all packages >> into facts and then doing the logic based around that, but Luke and other >> have expressed concerns over doing this in the past. Is there a better way? >> >> -- >> Jo Rhett >> Net Consonance : consonant endings by net philanthropy, open source and >> other randomness >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > -- > Jo Rhett > Net Consonance : consonant endings by net philanthropy, open source and > other randomness > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
