Updateinfo: A yum repository with CentOS Errata information

This site hosts a yum repository which includes CentOS Errata information (CESA, CEEA, CEBA).
It will allow you to see which vulnerabilities exist and which updates fix them.

News

Show older news...

2017-10-08: After a few weeks of testing and integration, this project is now live!

2017-10-18: I am still working on the Patreon integration so please send me an email (see Feedback section) if you don't receive one from me automatically after signing up through Patreon. Sorry for any inconvenience.

2017-10-16: CVE information is now included in the repository.

2017-10-16: You can now browse the errata information in this repository for CentOS 7 and CentOS 6.

2019-10-25: CentOS 8 support is now in BETA.

2020-01-08: A change I made to the repository in October broke the syncing function for Spacewalk/Katello and probably others. To fix this, I have added a new URI which you can use. Please use /6-sync/ instead of just /6/ and /7-sync/ instead of /7/ to get a full repo copy including RPM packages.

2020-09-03: Made minor changes to this site to clarify.

Usage

Step 1: Become a patron of this project on Patreon. It's cheaper than a coffee and will help me run this site and pay for Amazon CloudFront which serves the content.

Step 2: Create a new repository file (in /etc/yum.repos.d) as below (replacing @ with %40) with the credentials from your signup confirmation email (not your Patreon login):

      cat > /etc/yum.repos.d/updates_cefs.repo <<EOF
      [updates_cefs]
      name=CentOS-\$releasever - Updates (from CEFS)
      baseurl=https://you%40example.com:PASSWORD@updateinfo.cefs.steve-meier.de/\$releasever/updates/\$basearch/
      gpgcheck=1
      repo_gpgcheck=0
      enabled=1
      EOF

Step 3: Replace the email address and PASSWORD with your email address and the password you received (again, not your Patreon password).

Step 4: If you are running CentOS 6.x, install the yum security plugin:

      yum install yum-security

Step 5: Run yum updateinfo list to get a list of errata which apply to your system.

Once the repository is set up successfully you can run yum -q updateinfo list to get a list of available errata to be installed.

Example output:

CEBA-2017:1604              bugfix         chkconfig-1.7.2-1.el7_3.1.x86_64
CEBA-2017:1613              bugfix         dracut-033-463.el7_3.2.x86_64
CEBA-2017:1613              bugfix         dracut-config-rescue-033-463.el7_3.2.x86_64
CEBA-2017:1613              bugfix         dracut-network-033-463.el7_3.2.x86_64
CEBA-2017:1618              bugfix         gawk-4.0.2-4.el7_3.1.x86_64
CESA-2017:1481              Important/Sec. glibc-2.17-157.el7_3.4.x86_64
CESA-2017:1481              Important/Sec. glibc-common-2.17-157.el7_3.4.x86_64
CESA-2017:1481              Important/Sec. glibc-devel-2.17-157.el7_3.4.x86_64
CESA-2017:1481              Important/Sec. glibc-headers-2.17-157.el7_3.4.x86_64
CESA-2017:1484              Important/Sec. kernel-3.10.0-514.21.2.el7.x86_64
CESA-2017:1615              Important/Sec. kernel-3.10.0-514.26.1.el7.x86_64
CESA-2017:1484              Important/Sec. kernel-devel-3.10.0-514.21.2.el7.x86_64
CESA-2017:1615              Important/Sec. kernel-devel-3.10.0-514.26.1.el7.x86_64
CESA-2017:1484              Important/Sec. kernel-headers-3.10.0-514.21.2.el7.x86_64
CESA-2017:1615              Important/Sec. kernel-headers-3.10.0-514.26.1.el7.x86_64
CESA-2017:1484              Important/Sec. kernel-tools-3.10.0-514.21.2.el7.x86_64
CESA-2017:1615              Important/Sec. kernel-tools-3.10.0-514.26.1.el7.x86_64
CESA-2017:1484              Important/Sec. kernel-tools-libs-3.10.0-514.21.2.el7.x86_64
CESA-2017:1615              Important/Sec. kernel-tools-libs-3.10.0-514.26.1.el7.x86_64
CESA-2017:1484              Important/Sec. python-perf-3.10.0-514.21.2.el7.x86_64
CESA-2017:1615              Important/Sec. python-perf-3.10.0-514.26.1.el7.x86_64
CEBA-2017:1607              bugfix         xfsprogs-4.5.0-10.el7_3.x86_64

You can now install security updates only by running yum -q update --security

Example output:

===================================================================================================================
 Package                         Arch                 Version                           Repository            Size
===================================================================================================================
Installing:
 kernel                          x86_64               3.10.0-514.26.1.el7               updates                37 M
 kernel-devel                    x86_64               3.10.0-514.26.1.el7               updates                13 M
Updating:
 glibc                           x86_64               2.17-157.el7_3.4                  updates               3.6 M
 glibc-common                    x86_64               2.17-157.el7_3.4                  updates                11 M
 glibc-devel                     x86_64               2.17-157.el7_3.4                  updates               1.1 M
 glibc-headers                   x86_64               2.17-157.el7_3.4                  updates               669 k
 kernel-headers                  x86_64               3.10.0-514.26.1.el7               updates               4.8 M
 kernel-tools                    x86_64               3.10.0-514.26.1.el7               updates               4.0 M
 kernel-tools-libs               x86_64               3.10.0-514.26.1.el7               updates               3.9 M
 python-perf                     x86_64               3.10.0-514.26.1.el7               updates               4.0 M
Removing:
 kernel                          x86_64               3.10.0-514.2.2.el7                @updates              148 M
 kernel-devel                    x86_64               3.10.0-514.2.2.el7                @updates               34 M

Transaction Summary
===================================================================================================================
Install  2 Packages
Upgrade  8 Packages
Remove   2 Packages

Is this ok [y/d/N]:

You can also install updates selectively by referencing a specific advisory: yum update --advisory=CESA-2017:1481

Example output:

[... output omitted ...]
4 package(s) needed (+0 related) for security, out of 20 available
Resolving Dependencies
--> Running transaction check
---> Package glibc.x86_64 0:2.17-157.el7_3.2 will be updated
---> Package glibc.x86_64 0:2.17-157.el7_3.4 will be an update
---> Package glibc-common.x86_64 0:2.17-157.el7_3.2 will be updated
---> Package glibc-common.x86_64 0:2.17-157.el7_3.4 will be an update
---> Package glibc-devel.x86_64 0:2.17-157.el7_3.2 will be updated
---> Package glibc-devel.x86_64 0:2.17-157.el7_3.4 will be an update
---> Package glibc-headers.x86_64 0:2.17-157.el7_3.2 will be updated
---> Package glibc-headers.x86_64 0:2.17-157.el7_3.4 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================
 Package                           Arch                       Version                              Repository                  Size
====================================================================================================================================
Updating:
 glibc                             x86_64                     2.17-157.el7_3.4                     updates                     3.6 M
 glibc-common                      x86_64                     2.17-157.el7_3.4                     updates                      11 M
 glibc-devel                       x86_64                     2.17-157.el7_3.4                     updates                     1.1 M
 glibc-headers                     x86_64                     2.17-157.el7_3.4                     updates                     669 k

Transaction Summary
====================================================================================================================================
Upgrade  4 Packages

Total download size: 17 M
Is this ok [y/d/N]:

Last, but not least, you can also install updates linked to CVEs: yum update --cve CVE-2016-8399

Example output

[... output omitted ...]
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:3.10.0-693.5.2.el7 will be installed
---> Package kernel-headers.x86_64 0:3.10.0-693.2.2.el7 will be updated
---> Package kernel-headers.x86_64 0:3.10.0-693.5.2.el7 will be an update
---> Package kernel-tools.x86_64 0:3.10.0-693.2.2.el7 will be updated
---> Package kernel-tools.x86_64 0:3.10.0-693.5.2.el7 will be an update
---> Package kernel-tools-libs.x86_64 0:3.10.0-693.2.2.el7 will be updated
---> Package kernel-tools-libs.x86_64 0:3.10.0-693.5.2.el7 will be an update
---> Package python-perf.x86_64 0:3.10.0-693.2.2.el7 will be updated
---> Package python-perf.x86_64 0:3.10.0-693.5.2.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================
 Package                           Arch                     Version                                Repository                Size
==================================================================================================================================
Installing:
 kernel                            x86_64                   3.10.0-693.5.2.el7                     updates                    43 M
Updating:
 kernel-headers                    x86_64                   3.10.0-693.5.2.el7                     updates                   6.0 M
 kernel-tools                      x86_64                   3.10.0-693.5.2.el7                     updates                   5.1 M
 kernel-tools-libs                 x86_64                   3.10.0-693.5.2.el7                     updates                   5.0 M
 python-perf                       x86_64                   3.10.0-693.5.2.el7                     updates                   5.1 M

Transaction Summary
==================================================================================================================================
Install  1 Package
Upgrade  4 Packages

Total download size: 64 M
Is this ok [y/d/N]:

Frequently Asked Questions (FAQ)

Q: I have signed up with Patreon but not recevied a username/password?!

Please check your Spam folder. If you can't find it there either, send me an email or a message on Patreon.

Q: Is it safe to install your repository? Can I trust you?

That's a good question.
My repository contains exactly the same packages as the official CentOS mirrors do.
As mirrors also have the same trust issue, yum performs signature verification on all packages before installation.
If I modified a package, yum would warn you about the incorrect signature and you would (hopefully) abort the installation.

I could remove packages from this repository (e.g. kernel updates) but your system would still learn about them through the default repositories.

So, yes, it's safe to add the repository but you should always be careful about any warnings popping up and not dismiss them easily.

Q: Which CentOS versions are supported?

6.x and 7.x, as older versions have reached end of support.
Support for CentOS 8.x is in beta status.

Q: Why do I get HTTP error 401 (Unauthorized) when running yum check-update?

This repository is for Patrons only. If you are a Patron of this project you will receive a username and password by email which will allow you to get access.

Q: Can I use this on multiple servers?

Yes. As long as you are a Patron, I don't care wether you use the repository on one or a dozen servers. If you have a really big installation please consider using a proxy to conserve my bandwidth.

Q: Why is this not free?

When I started a previous project I had a lot of hope that people would recognize the value and give back something. Unfortunately, that's not the case. Although downloaded by big corporations and even three-letter agencies, I did not receive enough donations to pay for the site, let alone buy myself a cold beer. That's why I rely on Patreon for this project.

Q: Why does CentOS not provide this information?

I wish they did and still hope they ultimately will. You'll have to ask them yourself.

Q: The repository has no packges?!

This is due to a change I made in October and intentional. On clients, yum will merge the updateinfo from my repository with the packages from the default update repository. This simplifies things. If you want to create a mirror or sync of my repository, please change the URL from /6/... to /6-sync/... and /7/... to /7-sync/... respectively. Sorry if this has caused any inconvenience.

Q:Will CentOS 8-Stream be supported?

No.

Q: Something isn't working. Where can I get help?

You can send me an email and I will try to answer as my time permits.

Feedback

I would like to hear how this tool works for you. You can contact me via email: email (at) steve (dash) meier (dot) de