Are security updates applied with `dnf update` or is it separate procedure in Linux?

Question

I found this vulnerability with polkit. It was found in Jan 22. How does keeping Linux updated security wise works in general?

If I run dnf update on CentOS9 - will it fix it? Or shall I look into each and every vulnerability myself and fix it manually?

it says `CentOS9` in the text and in the tag. -\o/- – Boppity Bop Apr 22 '22 at 15:40 — Boppity Bop, Apr 22 '22 at 15:40

score 3 · Accepted Answer · answered Apr 22 '22 at 23:33

3

It should fix it.
Errata are of three types: bug, security and enhancements.
with dnf update, you will get all of them.
You can filter as well; for e.g., to check only for security updates, run:
dnf check-update --security
and you can apply them with:
dnf update --security

answered Apr 22 '22 at 23:33

Kwakou-Steve

56
1

1

I don't know if this is still relevant since CentOS became part of RedHat and its usecase was changed from clone to upstream beta release, but before this, CentOS7 (contrary to RHEL7) didn't tag security updates, meaning you had to apply *all* updates to get *security* updates. See this Q/A: [Update CentOS Security Patches](https://serverfault.com/questions/996189/update-centos-security-patches) – A.B Apr 23 '22 at 10:25

Are security updates applied with `dnf update` or is it separate procedure in Linux?

1 Answers1