Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Managing and monitoring security updates

Red Hat Enterprise Linux 8

Update RHEL 8 system security to prevent attackers from exploiting known flaws

Red Hat Customer Content Services

Abstract

Learn how to install security updates and display additional details about the updates to keep your Red Hat Enterprise Linux systems secured against newly discovered threats and vulnerabilities.

Providing feedback on Red Hat documentation
Copy link

We are committed to providing high-quality documentation and value your feedback. To help us improve, you can submit suggestions or report errors through the Red Hat Jira tracking system.

Procedure

  1. Log in to the Jira website.

    If you do not have an account, select the option to create one.

  2. Click Create in the top navigation bar.
  3. Enter a descriptive title in the Summary field.
  4. Enter your suggestion for improvement in the Description field. Include links to the relevant parts of the documentation.
  5. Click Create at the bottom of the dialogue.

Chapter 1. Identifying security updates
Copy link

Keeping enterprise systems secure from current and future threats requires regular security updates. Red Hat Product Security provides the guidance you need to confidently deploy and maintain enterprise solutions.

1.1. What are security advisories?
Copy link

Red Hat Security Advisories (RHSA) document the information about security flaws being fixed in Red Hat products and services.

Each RHSA includes the following information:

  • Severity
  • Type and status
  • Affected products
  • Summary of fixed issues
  • Links to the tickets about the problem. Note that not all tickets are public.
  • Common Vulnerabilities and Exposures (CVE) numbers and links with additional details, such as attack complexity.

Red Hat Customer Portal provides a list of Red Hat Security Advisories published by Red Hat. You can display details of a specific advisory by navigating to the advisory’s ID from the list of Red Hat Security Advisories.

Figure 1.1. List of security advisories

Customer Portal: List of security advisories

Optionally, you can also filter the results by specific product, variant, version, and architecture. For example, to display only advisories for Red Hat Enterprise Linux 8, you can set the following filters:

  • Product: Red Hat Enterprise Linux
  • Variant: All Variants
  • Version: 8
  • Optionally, select a minor version, such as 8.2.

You can list all available security updates for your system by using the yum utility.

Prerequisites

  • A Red Hat subscription is attached to the host.

Procedure

  • List all available security updates which have not been installed on the host: 

    # yum updateinfo list updates security
…
RHSA-2019:0997 Important/Sec. platform-python-3.6.8-2.el8_0.x86_64
RHSA-2019:0997 Important/Sec. python3-libs-3.6.8-2.el8_0.x86_64
RHSA-2019:0990 Moderate/Sec.  systemd-239-13.el8_0.3.x86_64
…

You can list installed security updates for your system by using the yum utility.

Procedure

  • List all security updates which are installed on the host: 

    # yum updateinfo list security --installed
…
RHSA-2019:1234 Important/Sec. libssh2-1.8.0-7.module+el8+2833+c7d6d092
RHSA-2019:4567 Important/Sec. python3-libs-3.6.7.1.el8.x86_64
RHSA-2019:8901 Important/Sec. python3-libs-3.6.8-1.el8.x86_64
…

    If multiple updates of a single package are installed, yum lists all advisories for the package. In the previous example, two security updates for the python3-libs package have been installed since the system installation.

You can use the yum utility to display a specific advisory information that is available for an update.

Prerequisites

  • A Red Hat subscription is attached to the host.
  • You know the ID of the security advisory.
  • The update provided by the advisory is not installed.

Procedure

  • Display a specific advisory, for example: 

    # yum updateinfo info RHSA-2019:0997
====================================================================
  Important: python3 security update
====================================================================
  Update ID: RHSA-2019:0997
       Type: security
    Updated: 2019-05-07 05:41:52
       Bugs: 1688543 - CVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization
       CVEs: CVE-2019-9636
Description: …

Chapter 2. Installing security updates
Copy link

In RHEL, you can install a specific security advisory and all available security updates. You can also configure the system to download and install security updates automatically.

2.1. Installing all available security updates
Copy link

To keep the security of your system up to date, you can install all currently available security updates using the yum utility.

Prerequisites

  • A Red Hat subscription is attached to the host.

Procedure

  1. Install security updates using yum utility: 

    # yum update --security

    Without the --security parameter, yum update installs all updates, including bug fixes and enhancements.

  2. Confirm and start the installation by pressing y: 

    …
Transaction Summary
===========================================
Upgrade  … Packages

Total download size: … M
Is this ok [y/d/N]: y

  3. Optional: List processes that require a manual restart of the system after installing the updated packages: 

    # yum needs-restarting
1107 : /usr/sbin/rsyslogd -n
1199 : -bash

    The previous command lists only processes that require a restart, and not services. That is, you cannot restart processes listed using the systemctl utility. For example, the bash process in the output is terminated when the user that owns this process logs out.

In certain situations, you might want to install only specific updates. For example, if a specific service can be updated without scheduling a downtime, you can install security updates for only this service, and install the remaining security updates later.

Prerequisites

Procedure

  1. Install a specific advisory, for example: 

    # yum update --advisory=RHSA-2019:0997

  2. Alternatively, update to apply a specific advisory with a minimal version change by using the yum upgrade-minimal command, for example: 

    # yum upgrade-minimal --advisory=RHSA-2019:0997

  3. Confirm and start the installation by pressing y: 

    …
Transaction Summary
===========================================
Upgrade  … Packages

Total download size: … M
Is this ok [y/d/N]: y

  4. Optional: List the processes that require a manual restart of the system after installing the updated packages: 

    # yum needs-restarting
1107 : /usr/sbin/rsyslogd -n
1199 : -bash

    The previous command lists only processes that require a restart, and not services. This means that you cannot restart all processes listed by using the systemctl utility. For example, the bash process in the output is terminated when the user that owns this process logs out.

2.3. Installing security updates automatically
Copy link

You can configure your system so that it automatically downloads and installs all security updates.

Prerequisites

  • A Red Hat subscription is attached to the host.
  • The dnf-automatic package is installed.

Procedure

  1. In the /etc/dnf/automatic.conf file, in the [commands] section, make sure the upgrade_type option is set to either default or security: 

    [commands]
#  What kind of upgrade to perform:
# default                            = all available upgrades
# security                           = only the security upgrades
upgrade_type = security

  2. Enable and start the systemd timer unit: 

    # systemctl enable --now dnf-automatic-install.timer

Verification

  1. Verify that the timer is enabled: 

    # systemctl status dnf-automatic-install.timer

Legal Notice
Copy link

Copyright © Red Hat.
Except as otherwise noted below, the text of and illustrations in this documentation are licensed by Red Hat under the Creative Commons Attribution–Share Alike 3.0 Unported license . If you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, the Red Hat logo, JBoss, Hibernate, and RHCE are trademarks or registered trademarks of Red Hat, LLC. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
XFS is a trademark or registered trademark of Hewlett Packard Enterprise Development LP or its subsidiaries in the United States and other countries.
The OpenStack® Word Mark and OpenStack logo are trademarks or registered trademarks of the Linux Foundation, used under license.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top