Oracle Linux 8 Security Updates

O tema de hoje é muito importante, iremos conhecer os vários tipos de atualizações de segurança disponíveis no Oracle Linux 8, antes de trabalharmos na parte prática, iremos conhecer algumas definições básicas do que é CVE e ELSA.

CVE, abreviação de Common Vulnerabilities and Exposures, é uma lista de falhas de segurança de computador divulgadas publicamente. Quando alguém se refere a um CVE, significa uma falha de segurança que recebeu um número de ID CVE.
Avisos de segurança emitidos por fornecedores e pesquisadores quase sempre mencionam pelo menos um ID CVE. Os CVEs ajudam os profissionais de TI a coordenar seus esforços para priorizar e resolver essas vulnerabilidades para tornar os sistemas de computador mais seguros.

CVE Detalhes: https://www.cvedetails.com/vulnerability-list/vendor_id-93/year-2021/Oracle.html
https://linux.oracle.com/ords/f?p=130:21
https://linux.oracle.com/security/

ELSA, Enterprise Linux Security Advisory, nada mais que uma maneira de consultar e obter detalhamento de falhas de seguranças ou bugs e quais pacotes devem ser atualizados ou foram afetados.
ELSA Detalhes: https://linux.oracle.com/ords/f?p=105:21

Para este exemplo utilizei o Oracle Linux 8.0 desatualizado.

1 – Verificando atualizações de segurança disponíveis para download e instalação.

[root@ol8 ~]# dnf updateinfo sec
Last metadata expiration check: 0:04:37 ago on Tue 07 Sep 2021 12:15:28 PM -03.
Updates Information Summary: available
    173 Security notice(s) <===================== We see that we have 173 security updates out of which 64 are important.
         64 Important Security notice(s) <========= Vemos que temos 173 atualizações de segurança sendo que as 64 são importantes.
         92 Moderate Security notice(s)  <========= 92 de nivel moderado.
         17 Low Security notice(s)       17 de nivel baixo de segurança.
ShellScript

2 – Verificando de forma detalhada quais pacotes/aplicativos possuem atualizações e devem sofrer atualizações. Como a lista é muito grande de pacotes, estou resumindo os pacotes listados.

root@ol8 ~]# dnf updateinfo list sec | awk '{print $3}'
 
expiration
NetworkManager-1:1.22.8-5.el8_2.x86_64
NetworkManager-1:1.30.0-7.0.1.el8.x86_64
NetworkManager-libnm-1:1.22.8-5.el8_2.x86_64
NetworkManager-libnm-1:1.30.0-7.0.1.el8.x86_64
NetworkManager-team-1:1.22.8-5.el8_2.x86_64
NetworkManager-team-1:1.30.0-7.0.1.el8.x86_64
NetworkManager-tui-1:1.22.8-5.el8_2.x86_64
NetworkManager-tui-1:1.30.0-7.0.1.el8.x86_64
bash-4.4.19-14.el8.x86_64
bind-export-libs-32:9.11.13-3.el8.x86_64
bind-export-libs-32:9.11.13-5.el8_2.x86_64
bind-export-libs-32:9.11.20-5.el8.x86_64
bind-export-libs-32:9.11.20-5.el8_3.1.x86_64
bind-export-libs-32:9.11.26-4.el8_4.x86_64
bind-export-libs-32:9.11.4-17.P2.el8_0.1.x86_64
bind-export-libs-32:9.11.4-17.P2.el8_0.x86_64
bind-export-libs-32:9.11.4-26.P2.el8.x86_64
brotli-1.0.6-3.el8.x86_64
cpio-2.12-10.el8.x86_64
cryptsetup-libs-2.3.3-2.el8.x86_64
cups-libs-1:2.2.6-33.el8.x86_64
cups-libs-1:2.2.6-38.el8.x86_64
curl-7.61.1-11.el8.x86_64
curl-7.61.1-12.el8.x86_64
curl-7.61.1-14.el8.x86_64
curl-7.61.1-18.el8.x86_64
cyrus-sasl-lib-2.1.27-5.el8.x86_64
dbus-1:1.12.8-10.0.1.el8_2.x86_64
dbus-1:1.12.8-9.0.1.el8.x86_64
dbus-common-1:1.12.8-10.0.1.el8_2.noarch
dbus-common-1:1.12.8-9.0.1.el8.noarch
dbus-daemon-1:1.12.8-10.0.1.el8_2.x86_64
dbus-daemon-1:1.12.8-9.0.1.el8.x86_64
dbus-libs-1:1.12.8-10.0.1.el8_2.x86_64
dbus-libs-1:1.12.8-9.0.1.el8.x86_64
dbus-tools-1:1.12.8-10.0.1.el8_2.x86_64
dbus-tools-1:1.12.8-9.0.1.el8.x86_64
dhcp-client-12:4.3.6-34.el8.x86_64
dhcp-client-12:4.3.6-44.el8_4.1.x86_64
dhcp-common-12:4.3.6-34.el8.noarch
dhcp-common-12:4.3.6-44.el8_4.1.noarch
dhcp-libs-12:4.3.6-34.el8.x86_64
dhcp-libs-12:4.3.6-44.el8_4.1.x86_64
dnf-4.2.7-6.el8.noarch
dnf-data-4.2.7-6.el8.noarch
dnf-plugins-core-4.0.8-3.el8.noarch
e2fsprogs-1.45.4-3.el8.x86_64
e2fsprogs-libs-1.45.4-3.el8.x86_64
elfutils-default-yama-scope-0.176-5.el8.noarch
elfutils-libelf-0.176-5.el8.x86_64
elfutils-libs-0.176-5.el8.x86_64
expat-2.2.5-4.el8.x86_64
freetype-2.9.1-4.el8_3.1.x86_64
gettext-0.19.8.1-17.el8.x86_64
gettext-libs-0.19.8.1-17.el8.x86_64
glib2-2.56.4-10.el8_4.1.x86_64
glib2-2.56.4-10.el8_4.x86_64
glib2-2.56.4-7.el8.x86_64
glib2-2.56.4-8.el8.x86_64
glib2-2.56.4-9.el8.x86_64
glibc-2.28-101.0.1.el8.x86_64
glibc-2.28-127.0.1.el8.x86_64
glibc-2.28-151.0.1.el8.x86_64
glibc-2.28-72.0.1.el8.x86_64
glibc-common-2.28-101.0.1.el8.x86_64
glibc-common-2.28-127.0.1.el8.x86_64
glibc-common-2.28-151.0.1.el8.x86_64
glibc-common-2.28-72.0.1.el8.x86_64
glibc-langpack-en-2.28-101.0.1.el8.x86_64
glibc-langpack-en-2.28-127.0.1.el8.x86_64
glibc-langpack-en-2.28-151.0.1.el8.x86_64
glibc-langpack-en-2.28-72.0.1.el8.x86_64
gnupg2-2.2.20-2.el8.x86_64
gnupg2-smime-2.2.20-2.el8.x86_64
gnutls-3.6.14-7.el8_3.x86_64
gnutls-3.6.14-8.el8_3.x86_64
gnutls-3.6.8-10.el8_2.x86_64
gnutls-3.6.8-11.el8_2.x86_64
gnutls-3.6.8-8.el8.x86_64
grub2-common-1:2.02-78.0.2.el8.noarch
grub2-common-1:2.02-78.0.3.el8_1.1.noarch
grub2-common-1:2.02-82.0.2.el8_2.1.noarch
grub2-common-1:2.02-90.0.2.el8.noarch
grub2-common-1:2.02-90.0.2.el8_3.1.noarch
grub2-pc-1:2.02-78.0.2.el8.x86_64
grub2-pc-1:2.02-78.0.3.el8_1.1.x86_64
grub2-pc-1:2.02-82.0.2.el8_2.1.x86_64
ShellScript

3 – Detalhes dos pacotes a serem atualizados. Como a lista é muito grande de pacotes, estou resumindo os pacotes listados.

[root@ol8 ~]# dnf updateinfo list
Last metadata expiration check: 0:10:17 ago on Tue 07 Sep 2021 12:15:28 PM -03.
ELBA-2019-4856 bugfix         NetworkManager-1:1.20.0-3.0.1.el8.x86_64
ELBA-2019-4279 bugfix         NetworkManager-1:1.20.0-5.0.1.el8_1.x86_64
ELBA-2020-1847 bugfix         NetworkManager-1:1.22.8-4.el8.x86_64
ELSA-2020-3011 Moderate/Sec.  NetworkManager-1:1.22.8-5.el8_2.x86_64
ELBA-2020-5474 bugfix         NetworkManager-1:1.26.0-12.0.1.el8_3.x86_64
ELBA-2021-0563 bugfix         NetworkManager-1:1.26.0-13.0.1.el8_3.x86_64
ELBA-2021-1099 bugfix         NetworkManager-1:1.26.0-14.0.1.el8_3.x86_64
ELBA-2020-4499 bugfix         NetworkManager-1:1.26.0-8.0.1.el8.x86_64
ELBA-2020-4850 bugfix         NetworkManager-1:1.26.0-9.0.1.el8_3.x86_64
ELBA-2020-5940 bugfix         NetworkManager-1:1.26.0-9.0.2.el8_3.x86_64
ELBA-2021-3055 bugfix         NetworkManager-1:1.30.0-10.0.1.el8_4.x86_64
ELSA-2021-1574 Moderate/Sec.  NetworkManager-1:1.30.0-7.0.1.el8.x86_64
ELBA-2021-2576 bugfix         NetworkManager-1:1.30.0-9.0.1.el8_4.x86_64
ELBA-2019-4856 bugfix         NetworkManager-libnm-1:1.20.0-3.0.1.el8.x86_64
ELBA-2019-4279 bugfix         NetworkManager-libnm-1:1.20.0-5.0.1.el8_1.x86_64
ELBA-2020-1847 bugfix         NetworkManager-libnm-1:1.22.8-4.el8.x86_64
ELSA-2020-3011 Moderate/Sec.  NetworkManager-libnm-1:1.22.8-5.el8_2.x86_64
ELBA-2020-5474 bugfix         NetworkManager-libnm-1:1.26.0-12.0.1.el8_3.x86_64
ELBA-2021-0563 bugfix         NetworkManager-libnm-1:1.26.0-13.0.1.el8_3.x86_64
ELBA-2021-1099 bugfix         NetworkManager-libnm-1:1.26.0-14.0.1.el8_3.x86_64
ELBA-2020-4499 bugfix         NetworkManager-libnm-1:1.26.0-8.0.1.el8.x86_64
ELBA-2020-4850 bugfix         NetworkManager-libnm-1:1.26.0-9.0.1.el8_3.x86_64
ELBA-2020-5940 bugfix         NetworkManager-libnm-1:1.26.0-9.0.2.el8_3.x86_64
ELBA-2021-3055 bugfix         NetworkManager-libnm-1:1.30.0-10.0.1.el8_4.x86_64
ELSA-2021-1574 Moderate/Sec.  NetworkManager-libnm-1:1.30.0-7.0.1.el8.x86_64
ELBA-2021-2576 bugfix         NetworkManager-libnm-1:1.30.0-9.0.1.el8_4.x86_64
ELBA-2019-4856 bugfix         NetworkManager-team-1:1.20.0-3.0.1.el8.x86_64
ELBA-2019-4279 bugfix         NetworkManager-team-1:1.20.0-5.0.1.el8_1.x86_64
ELBA-2020-1847 bugfix         NetworkManager-team-1:1.22.8-4.el8.x86_64
ELSA-2020-3011 Moderate/Sec.  NetworkManager-team-1:1.22.8-5.el8_2.x86_64
ELBA-2020-5474 bugfix         NetworkManager-team-1:1.26.0-12.0.1.el8_3.x86_64
ELBA-2021-0563 bugfix         NetworkManager-team-1:1.26.0-13.0.1.el8_3.x86_64
ELBA-2021-1099 bugfix         NetworkManager-team-1:1.26.0-14.0.1.el8_3.x86_64
ELBA-2020-4499 bugfix         NetworkManager-team-1:1.26.0-8.0.1.el8.x86_64
ELBA-2020-4850 bugfix         NetworkManager-team-1:1.26.0-9.0.1.el8_3.x86_64
ELBA-2020-5940 bugfix         NetworkManager-team-1:1.26.0-9.0.2.el8_3.x86_64
ELBA-2021-3055 bugfix         NetworkManager-team-1:1.30.0-10.0.1.el8_4.x86_64
ELSA-2021-1574 Moderate/Sec.  NetworkManager-team-1:1.30.0-7.0.1.el8.x86_64
ELBA-2021-2576 bugfix         NetworkManager-team-1:1.30.0-9.0.1.el8_4.x86_64
ELBA-2019-4856 bugfix         NetworkManager-tui-1:1.20.0-3.0.1.el8.x86_64
ELBA-2019-4279 bugfix         NetworkManager-tui-1:1.20.0-5.0.1.el8_1.x86_64
ELBA-2020-1847 bugfix         NetworkManager-tui-1:1.22.8-4.el8.x86_64
ELSA-2020-3011 Moderate/Sec.  NetworkManager-tui-1:1.22.8-5.el8_2.x86_64
ELBA-2020-5474 bugfix         NetworkManager-tui-1:1.26.0-12.0.1.el8_3.x86_64
ELBA-2021-0563 bugfix         NetworkManager-tui-1:1.26.0-13.0.1.el8_3.x86_64
ELBA-2021-1099 bugfix         NetworkManager-tui-1:1.26.0-14.0.1.el8_3.x86_64
ELBA-2020-4499 bugfix         NetworkManager-tui-1:1.26.0-8.0.1.el8.x86_64
ELBA-2020-4850 bugfix         NetworkManager-tui-1:1.26.0-9.0.1.el8_3.x86_64
ELBA-2020-5940 bugfix         NetworkManager-tui-1:1.26.0-9.0.2.el8_3.x86_64
ELBA-2021-3055 bugfix         NetworkManager-tui-1:1.30.0-10.0.1.el8_4.x86_64
ELSA-2019-1959 Important/Sec. kernel-tools-4.18.0-80.7.1.el8_0.x86_64
ELSA-2019-2411 Important/Sec. kernel-tools-4.18.0-80.7.2.el8_0.x86_64
ELSA-2019-3832 Important/Sec. kernel-tools-libs-4.18.0-147.0.2.el8_1.x86_64
ELSA-2019-3871 Important/Sec. kernel-tools-libs-4.18.0-147.0.3.el8_1.x86_64
ELEA-2020-5481 enhancement    microcode_ctl-4:20200609-2.20201112.1.0.1.el8_3.x86_64
ELBA-2021-0621 bugfix         microcode_ctl-4:20200609-2.20210216.1.0.1.el8_3.x86_64
ELBA-2021-1613 bugfix         microcode_ctl-4:20210216-1
ShellScript

4 – Listando a classificação dos pacotes por niveis de criticidade (Moderado, Baixo, Importante).

[root@ol8 ~]# dnf updateinfo list --sec-severity=Moderate
Last metadata expiration check: 0:12:53 ago on Tue 07 Sep 2021 12:15:28 PM -03.
ELSA-2020-3011 Moderate/Sec. NetworkManager-1:1.22.8-5.el8_2.x86_64
ELSA-2021-1574 Moderate/Sec. NetworkManager-1:1.30.0-7.0.1.el8.x86_64
ELSA-2020-3011 Moderate/Sec. NetworkManager-libnm-1:1.22.8-5.el8_2.x86_64
ELSA-2021-1574 Moderate/Sec. NetworkManager-libnm-1:1.30.0-7.0.1.el8.x86_64
ELSA-2020-3011 Moderate/Sec. NetworkManager-team-1:1.22.8-5.el8_2.x86_64
ELSA-2021-1574 Moderate/Sec. NetworkManager-team-1:1.30.0-7.0.1.el8.x86_64
ELSA-2020-3011 Moderate/Sec. NetworkManager-tui-1:1.22.8-5.el8_2.x86_64
ELSA-2021-1574 Moderate/Sec. NetworkManager-tui-1:1.30.0-7.0.1.el8.x86_64
ELSA-2020-1845 Moderate/Sec. bind-export-libs-32:9.11.13-3.el8.x86_64
ELSA-2020-4500 Moderate/Sec. bind-export-libs-32:9.11.20-5.el8.x86_64
ELSA-2019-3583 Moderate/Sec. yum-4.2.7-6.el8.noarch
ShellScript
[root@ol8 ~]# dnf updateinfo list --sec-severity=Low
Last metadata expiration check: 0:13:01 ago on Tue 07 Sep 2021 12:15:28 PM -03.
ELSA-2021-1679 Low/Sec. bash-4.4.19-14.el8.x86_64
ELSA-2019-3552 Low/Sec. bind-export-libs-32:9.11.4-26.P2.el8.x86_64
ELSA-2020-1765 Low/Sec. cups-libs-1:2.2.6-33.el8.x86_64
ELSA-2020-4469 Low/Sec. cups-libs-1:2.2.6-38.el8.x86_64
ELSA-2019-3575 Low/Sec. elfutils-default-yama-scope-0.176-5.el8.noarch
ELSA-2019-3575 Low/Sec. elfutils-libelf-0.176-5.el8.x86_64
ShellScript
[root@ol8 ~]# dnf updateinfo list --sec-severity=Important
Last metadata expiration check: 0:13:09 ago on Tue 07 Sep 2021 12:15:28 PM -03.
ELSA-2020-2338 Important/Sec. bind-export-libs-32:9.11.13-5.el8_2.x86_64
ELSA-2021-0670 Important/Sec. bind-export-libs-32:9.11.20-5.el8_3.1.x86_64
ELSA-2021-1989 Important/Sec. bind-export-libs-32:9.11.26-4.el8_4.x86_64
ELSA-2019-1714 Important/Sec. bind-export-libs-32:9.11.4-17.P2.el8_0.1.x86_64
ELSA-2019-1145 Important/Sec. bind-export-libs-32:9.11.4-17.P2.el8_0.x86_64
ELSA-2020-3014 Important/Sec. dbus-1:1.12.8-10.0.1.el8_2.x86_64
ELSA-2020-3014 Important/Sec. dbus-common-1:1.12.8-10.0.1.el8_2.noarch
ELSA-2020-3014 Important/Sec. dbus-daemon-1:1.12.8-10.0.1.el8_2.x86_64
ELSA-2020-3014 Important/Sec. dbus-libs-1:1.12.8-10.0.1.el8_2.x86_64
ELSA-2020-3014 Important/Sec. dbus-tools-1:1.12.8-10.0.1.el8_2.x86_64
ELSA-2021-2359 Important/Sec. dhcp-client-12:4.3.6-44.el8_4.1.x86_64
ELSA-2021-2359 Important/Sec. dhcp-common-12:4.3.6-44.el8_4.1.noarch
ELSA-2021-2359 Important/Sec. dhcp-libs-12:4.3.6-44.el8_4.1.x86_64
ELSA-2020-4952 Important/Sec. freetype-2.9.1-4.el8_3.1.x86_64
ELSA-2021-2170 Important/Sec. glib2-2.56.4-10.el8_4.x86_64
ELSA-2021-1206 Important/Sec. gnutls-3.6.14-8.el8_3.x86_64
ELSA-2020-2637 Important/Sec. gnutls-3.6.8-11.el8_2.x86_64
ELSA-2019-4869 Important/Sec. grub2-common-1:2.02-78.0.2.el8.noarch
ELSA-2020-5786 Important/Sec. grub2-common-1:2.02-82.0.2.el8_2.1.noarch
ELSA-2021-9077 Important/Sec. grub2-common-1:2.02-90.0.2.el8.noarch
ELSA-2019-4869 Important/Sec. grub2-pc-1:2.02-78.0.2.el8.x86_64
ELSA-2020-5786 Important/Sec. grub2-pc-1:2.02-82.0.2.el8_2.1.x86_64
ELSA-2021-9077 Important/Sec. grub2-pc-1:2.02-90.0.2.el8.x86_64
ShellScript

5 – Para listar Vulnerabilidades e Exposições Comuns (CVE) de segurança.

[root@ol8 ~]# dnf updateinfo list cves
ShellScript

6 – Verificando informações de uma CVE especifica (CVE-2020-4000).

[root@ol8 ~]# dnf updateinfo list --cve CVE-2020-4000
ShellScript

7 – Atualizando uma CVE especifica (CVE-2020-4000).

[root@ol8 ~]# dnf update --cve CVE-2020-4000
ShellScript

8 – Corrigindo ou aplicando atualizações de segurança ELSA.

[root@ol8 ~]# dnf update --advisory ELSA-2020-4010
ShellScript

9 – Para aplicar todas as atualizações de segurança.

[root@ol8 ~]# dnf --security update -y
Last metadata expiration check: 0:06:24 ago on Tue 07 Sep 2021 12:29:24 PM -03.
Dependencies resolved.
====================================================================================================================================================================
 Package                                      Arch                    Version                                              Repository                          Size
====================================================================================================================================================================
Installing:
 kernel                                       x86_64                  4.18.0-305.12.1.el8_4                                ol8_baseos_latest                  5.9 M
 kernel-core                                  x86_64                  4.18.0-305.12.1.el8_4                                ol8_baseos_latest                   36 M
 kernel-modules                               x86_64                  4.18.0-305.12.1.el8_4                                ol8_baseos_latest                   28 M
Upgrading:
 libX11                                       x86_64                  1.6.8-4.el8                                          ol8_appstream                      611 k
 libX11-common                                noarch                  1.6.8-4.el8                                          ol8_appstream                      158 k
 libX11-xcb                                   x86_64                  1.6.8-4.el8                                          ol8_appstream                       14 k
 libdrm                                       x86_64                  2.4.103-1.el8                                        ol8_appstream                      165 k
 libglvnd                                     x86_64                  1:1.3.2-1.el8                                        ol8_appstream                      127 k
 libglvnd-glx                                 x86_64                  1:1.3.2-1.el8                                        ol8_appstream                      137 k
 libjpeg-turbo                                x86_64                  1.5.3-10.el8                                         ol8_appstream                      155 k
 libmspack                                    x86_64                  0.7-0.3.alpha.el8.4                                  ol8_appstream                       71 k
 libreswan                                    x86_64                  4.3-3.0.1.el8                                        ol8_appstream                      1.3 M
 mesa-libGL                                   x86_64                  20.3.3-2.el8                                         ol8_appstream                      188 k
 mesa-libglapi                                x86_64                  20.3.3-2.el8                                         ol8_appstream                       65 k
 nspr                                         x86_64                  4.25.0-2.el8_2                                       ol8_appstream                      142 k
 nss                                          x86_64                  3.53.1-17.el8_3                                      ol8_appstream                      723 k
 nss-softokn                                  x86_64                  3.53.1-17.el8_3                                      ol8_appstream                      484 k
 nss-softokn-freebl                           x86_64                  3.53.1-17.el8_3                                      ol8_appstream                      376 k
 nss-sysinit                                  x86_64                  3.53.1-17.el8_3                                      ol8_appstream                       72 k
 
Complete!
ShellScript

10 – Aplicando atualizações de segurança por categoria.

Atualiza cada pacote para a versão mais recente disponível que fornece uma correção de bug, aprimoramento ou uma correção para um problema de segurança (segurança).

[root@ol8 ~]# dnf --security upgrade-minimal
 ====================================================================================================================================================================
 Package                                      Arch                    Version                                              Repository                          Size
====================================================================================================================================================================
Upgrading:
 libX11                                       x86_64                  1.6.8-4.el8                                          ol8_appstream                      611 k
 libX11-common                                noarch                  1.6.8-4.el8                                          ol8_appstream                      158 k
 libX11-xcb                                   x86_64                  1.6.8-4.el8                                          ol8_appstream                       14 k
 libdrm                                       x86_64                  2.4.103-1.el8                                        ol8_appstream                      165 k
 libglvnd                                     x86_64                  1:1.3.2-1.el8                                        ol8_appstream                      127 k
 libglvnd-glx                                 x86_64                  1:1.3.2-1.el8                                        ol8_appstream                      137 k
 libjpeg-turbo                                x86_64                  1.5.3-10.el8                                         ol8_appstream                      155 k
 libmspack                                    x86_64                  0.7-0.3.alpha.el8.4                                  ol8_appstream                       71 k
 libreswan                                    x86_64                  3.29-7.0.1.el8_2                                     ol8_appstream                      1.3 M
 mesa-libGL                                   x86_64                  20.3.3-2.el8                                         ol8_appstream                      188 k
 mesa-libglapi                                x86_64                  20.3.3-2.el8                                         ol8_appstream                       65 k
 nspr                                         x86_64                  4.25.0-2.el8_2                                       ol8_appstream                      142 k
 nss                                          x86_64                  3.53.1-17.el8_3                                      ol8_appstream                      723 k
 nss-softokn                                  x86_64                  3.53.1-11.el8_2                                      ol8_appstream                      484 k
 nss-softokn-freebl                           x86_64                  3.53.1-11.el8_2                                      ol8_appstream                      289 k
 nss-sysinit                                  x86_64                  3.53.1-17.el8_3                                      ol8_appstream                       72 k
 nss-tools                                    x86_64                  3.53.1-17.el8_3                                      ol8_appstream                      560 k
 nss-util                                     x86_64                  3.53.1-17.el8_3                                      ol8_appstream                      136 k
 plymouth                                     x86_64                  0.9.3-15.0.1.el8                                     ol8_appstream                      114 k
 plymouth-core-libs                           x86_64                  0.9.3-15.0.1.el8                                     ol8_appstream                      114 k
 plymouth-scripts                             x86_64                  0.9.3-15.0.1.el8                                     ol8_appstream                       42 k
 python3-unbound                              x86_64                  1.7.3-15.el8                                         ol8_appstream                      119 k
 rsyslog                                      x86_64                  8.1911.0-3.el8                                       ol8_appstream                      730 k
Transaction Summary
====================================================================================================================================================================
Install   26 Packages
Upgrade  167 Packages
Skip      69 Packages
 
Total download size: 442 M
Is this ok [y/N]: y <========================= YES
Downloading Packages:
(1/193): kernel-4.18.0-240.22.1.el8_3.x86_64.rpm                                                                                    4.8 MB/s | 4.4 MB     00:00
(2/193): kernel-core-4.18.0-240.22.1.el8_3.x86_64.rpm                                                                               7.9 MB/s |  30 MB     00:03
(3/193): grub2-tools-efi-2.02-90.0.2.el8_3.1.x86_64.rpm                                                                              98 kB/s | 472 kB     00:04
(4/193): kernel-core-4.18.0-305.12.1.el8_4.x86_64.rpm                                                                               7.7 MB/s |  36 MB     00:04
(5/193): libssh-config-0.9.4-2.el8.noarch.rpm                                                                                       103 kB/s |  18 kB     00:00
(6/193): libzstd-1.4.4-1.0.1.el8.x86_64.rpm                                                                                         3.3 MB/s | 266 kB     00:00
(7/193): mozjs60-60.9.0-4.0.1.el8.x86_64.rpm                                                                                        7.1 MB/s | 6.6 MB     00:00
(8/193): perl-Encode-2.97-3.el8.x86_64.rpm                                                                                          7.2 MB/s | 1.5 MB     00:00
(9/193): perl-File-Temp-0.230.600-1.el8.noarch.rpm                                                                                  1.4 MB/s |  63 kB     00:00
(10/193): perl-Getopt-Long-2.50-4.el8.noarch.rpm                                                                                    1.4 MB/s |  63 kB     00:00
(11/193): perl-HTTP-Tiny-0.074-1.el8.noarch.rpm                                                                                     741 kB/s |  58 kB     00:00
 
Complete!
ShellScript

11 – Atualizações de segurança e correções bugs apenas referente ao kernel.

[root@ol8 ~]# dnf --security upgrade-minimal kernel*
Last metadata expiration check: 0:49:03 ago on Tue 07 Sep 2021 12:15:28 PM -03.
Dependencies resolved.
====================================================================================================================================================================
 Package                                 Arch                      Version                                               Repository                            Size
====================================================================================================================================================================
Installing:
 kernel                                  x86_64                    4.18.0-240.22.1.el8_3                                 ol8_baseos_latest                    4.4 M
 kernel-core                             x86_64                    4.18.0-305.12.1.el8_4                                 ol8_baseos_latest                     36 M
 kernel-modules                          x86_64                    4.18.0-305.12.1.el8_4                                 ol8_baseos_latest                     28 M
Upgrading:
 dracut                                  x86_64                    049-135.git20210121.0.2.el8                           ol8_baseos_latest                    374 k
 dracut-config-rescue                    x86_64                    049-135.git20210121.0.2.el8                           ol8_baseos_latest                     60 k
 dracut-network                          x86_64                    049-135.git20210121.0.2.el8                           ol8_baseos_latest                    108 k
 dracut-squash                           x86_64                    049-135.git20210121.0.2.el8                           ol8_baseos_latest                     60 k
 iptables                                x86_64                    1.8.4-17.0.1.el8                                      ol8_baseos_latest                    584 k
 iptables-ebtables                       x86_64                    1.8.4-17.0.1.el8                                      ol8_baseos_latest                     72 k
 iptables-libs                           x86_64                    1.8.4-17.0.1.el8                                      ol8_baseos_latest                    107 k
 kernel-tools                            x86_64                    4.18.0-305.12.1.el8_4                                 ol8_baseos_latest                    6.1 M
 kernel-tools-libs                       x86_64                    4.18.0-305.12.1.el8_4                                 ol8_baseos_latest                    5.9 M
 kexec-tools                             x86_64                    2.0.20-46.0.1.el8_4.2                                 ol8_baseos_latest                    510 k
 libnftnl                                x86_64                    1.1.5-4.el8                                           ol8_baseos_latest                     83 k
 linux-firmware                          noarch                    999:20210617-999.8.git0f66b74b.el8                    ol8_baseos_latest                    178 M
 systemd                                 x86_64                    239-45.0.2.el8_4.3                                    ol8_baseos_latest                    3.6 M
 systemd-libs                            x86_64                    239-45.0.2.el8_4.3                                    ol8_baseos_latest                    1.1 M
 systemd-pam                             x86_64                    239-45.0.2.el8_4.3                                    ol8_baseos_latest                    470 k
 systemd-udev                            x86_64                    239-45.0.2.el8_4.3                                    ol8_baseos_latest                    1.4 M
Installing dependencies:
 kernel-core                             x86_64                    4.18.0-240.22.1.el8_3                                 ol8_baseos_latest                     30 M
 kernel-modules                          x86_64                    4.18.0-240.22.1.el8_3                                 ol8_baseos_latest                     26 M
 
Transaction Summary
====================================================================================================================================================================
Install   5 Packages
Upgrade  16 Packages
 
Total download size: 322 M
Is this ok [y/N]: y <========================= YES
Downloading Packages:
(1/21): kernel-core-4.18.0-305.12.1.el8_4.x86_64.rpm                                                                                9.5 MB/s |  36 MB     00:03
(2/21): kernel-4.18.0-240.22.1.el8_3.x86_64.rpm                                                                                     610 kB/s | 4.4 MB     00:07
(3/21): kernel-modules-4.18.0-305.12.1.el8_4.x86_64.rpm                                                                             9.0 MB/s |  28 MB     00:03
(4/21): dracut-049-135.git20210121.0.2.el8.x86_64.rpm                                                                               5.0 MB/s | 374 kB     00:00
(5/21): dracut-config-rescue-049-135.git20210121.0.2.el8.x86_64.rpm                                                                 1.6 MB/s |  60 kB     00:00
(6/21): dracut-network-049-135.git20210121.0.2.el8.x86_64.rpm                                                                       1.1 MB/s | 108 kB     00:00
(7/21): dracut-squash-049-135.git20210121.0.2.el8.x86_64.rpm                                                                        1.3 MB/s |  60 kB     00:00
(8/21): iptables-1.8.4-17.0.1.el8.x86_64.rpm                                                                                        6.9 MB/s | 584 kB     00:00
(9/21): iptables-ebtables-1.8.4-17.0.1.el8.x86_64.rpm                                                                               3.8 MB/s |  72 kB     00:00
(10/21): iptables-libs-1.8.4-17.0.1.el8.x86_64.rpm                                                                                  3.3 MB/s | 107 kB     00:00
(11/21): kernel-tools-4.18.0-305.12.1.el8_4.x86_64.rpm                                                                              4.8 MB/s | 6.1 MB     00:01
(12/21): kernel-tools-libs-4.18.0-305.12.1.el8_4.x86_64.rpm                                                                         5.6 MB/s | 5.9 MB     00:01
(13/21): kernel-core-4.18.0-240.22.1.el8_3.x86_64.rpm                                                                               2.3 MB/s |  30 MB     00:13
(14/21): kexec-tools-2.0.20-46.0.1.el8_4.2.x86_64.rpm                                                                               5.2 MB/s | 510 kB     00:00
(15/21): kernel-modules-4.18.0-240.22.1.el8_3.x86_64.rpm                                                                            2.2 MB/s |  26 MB     00:11
(16/21): systemd-239-45.0.2.el8_4.3.x86_64.rpm                                                                                      6.7 MB/s | 3.6 MB     00:00
(17/21): systemd-libs-239-45.0.2.el8_4.3.x86_64.rpm                                                                                 8.6 MB/s | 1.1 MB     00:00
(18/21): systemd-pam-239-45.0.2.el8_4.3.x86_64.rpm                                                                                  5.3 MB/s | 470 kB     00:00
(19/21): systemd-udev-239-45.0.2.el8_4.3.x86_64.rpm                                                                                 8.1 MB/s | 1.4 MB     00:00
(20/21): libnftnl-1.1.5-4.el8.x86_64.rpm                                                                                             27 kB/s |  83 kB     00:03
(21/21): linux-firmware-20210617-999.8.git0f66b74b.el8.noarch.rpm                                                                    14 MB/s | 178 MB     00:12
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                12 MB/s | 322 MB     00:26
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                            1/1
  Running scriptlet: linux-firmware-999:20210617-999.8.git0f66b74b.el8.noarch                                                                                   1/1
  Upgrading        : linux-firmware-999:20210617-999.8.git0f66b74b.el8.noarch                                                                                  1/37
  Upgrading        : iptables-libs-1.8.4-17.0.1.el8.x86_64                                                                                                     2/37
  Upgrading        : systemd-libs-239-45.0.2.el8_4.3.x86_64                                                                                                    3/37
  Running scriptlet: systemd-libs-239-45.0.2.el8_4.3.x86_64                                                                                                    3/37
  Upgrading        : systemd-pam-239-45.0.2.el8_4.3.x86_64                                                                                                     4/37
  Running scriptlet: systemd-239-45.0.2.el8_4.3.x86_64                                                                                                         5/37
  Upgrading        : systemd-239-45.0.2.el8_4.3.x86_64                                                                                                         5/37
  Running scriptlet: systemd-239-45.0.2.el8_4.3.x86_64                                                                                                         5/37
  Upgrading        : systemd-udev-239-45.0.2.el8_4.3.x86_64                                                                                                    6/37
  Running scriptlet: systemd-udev-239-45.0.2.el8_4.3.x86_64                                                                                                    6/37
  Upgrading        : dracut-049-135.git20210121.0.2.el8.x86_64                                                                                                 7/37
  Installing       : kernel-core-4.18.0-240.22.1.el8_3.x86_64                                                                                                  8/37
  Running scriptlet: kernel-core-4.18.0-240.22.1.el8_3.x86_64                                                                                                  8/37
  Installing       : kernel-modules-4.18.0-240.22.1.el8_3.x86_64                                                                                               9/37
  Running scriptlet: kernel-modules-4.18.0-240.22.1.el8_3.x86_64                                                                                               9/37
  Installing       : kernel-core-4.18.0-305.12.1.el8_4.x86_64                                                                                                 10/37
  Running scriptlet: kernel-core-4.18.0-305.12.1.el8_4.x86_64                                                                                                 10/37
  Upgrading        : dracut-network-049-135.git20210121.0.2.el8.x86_64                                                                                        11/37
  Running scriptlet: dracut-network-049-135.git20210121.0.2.el8.x86_64                                                                                        11/37
  Upgrading        : dracut-squash-049-135.git20210121.0.2.el8.x86_64                                                                                         12/37
  Upgrading        : libnftnl-1.1.5-4.el8.x86_64                                                                                                              13/37
  Running scriptlet: libnftnl-1.1.5-4.el8.x86_64                                                                                                              13/37
  Running scriptlet: iptables-1.8.4-17.0.1.el8.x86_64                                                                                                         14/37
  Upgrading        : iptables-1.8.4-17.0.1.el8.x86_64                                                                                                         14/37
  Running scriptlet: iptables-1.8.4-17.0.1.el8.x86_64                                                                                                         14/37
  Upgrading        : kernel-tools-libs-4.18.0-305.12.1.el8_4.x86_64                                                                                           15/37
  Running scriptlet: kernel-tools-libs-4.18.0-305.12.1.el8_4.x86_64                                                                                           15/37
 
Upgraded:
  dracut-049-135.git20210121.0.2.el8.x86_64        dracut-config-rescue-049-135.git20210121.0.2.el8.x86_64 dracut-network-049-135.git20210121.0.2.el8.x86_64
  dracut-squash-049-135.git20210121.0.2.el8.x86_64 iptables-1.8.4-17.0.1.el8.x86_64                        iptables-ebtables-1.8.4-17.0.1.el8.x86_64
  iptables-libs-1.8.4-17.0.1.el8.x86_64            kernel-tools-4.18.0-305.12.1.el8_4.x86_64               kernel-tools-libs-4.18.0-305.12.1.el8_4.x86_64
  kexec-tools-2.0.20-46.0.1.el8_4.2.x86_64         libnftnl-1.1.5-4.el8.x86_64                             linux-firmware-999:20210617-999.8.git0f66b74b.el8.noarch
  systemd-239-45.0.2.el8_4.3.x86_64                systemd-libs-239-45.0.2.el8_4.3.x86_64                  systemd-pam-239-45.0.2.el8_4.3.x86_64
  systemd-udev-239-45.0.2.el8_4.3.x86_64
 
Installed:
  kernel-4.18.0-240.22.1.el8_3.x86_64                 kernel-core-4.18.0-305.12.1.el8_4.x86_64               kernel-modules-4.18.0-305.12.1.el8_4.x86_64
  kernel-core-4.18.0-240.22.1.el8_3.x86_64            kernel-modules-4.18.0-240.22.1.el8_3.x86_64
 
Complete!
ShellScript

12 – Verificando se ainda possuem atualizações de kernel ou bugs para serem aplicados.

[root@ol8 ~]# dnf --security upgrade-minimal kernel*
Last metadata expiration check: 0:52:36 ago on Tue 07 Sep 2021 12:15:28 PM -03.
No security updates needed for "kernel*", but 1 update available
Dependencies resolved.
Nothing to do.
Complete!
ShellScript

13 -Verificando se temos atualizações de segurança pendentes para serem aplicadas.

[root@ol8 ~]# dnf updateinfo sec
Last metadata expiration check: 0:12:03 ago on Tue 07 Sep 2021 01:25:53 PM -03.
[root@ol8 ~]#
ShellScript

Search for CVE details: https://linux.oracle.com/ords/f?p=130:21

Search for ELSA details: https://linux.oracle.com/ords/f?p=105:21

Leave a Reply

Your email address will not be published. Required fields are marked *

search previous next tag category expand menu location phone mail time cart zoom edit close