Chapter 3. Security Updates

As security exploits in software are discovered, the software must be fixed to close the possible security risk. If the package is part of a Red Hat Linux distribution that is currently supported, Red Hat, Inc. is committed to releasing updated packages that fix security holes as soon as possible. If the announcement of the security exploit is accompanied by a patch (or source code that fixes the problem), the patch is applied to the Red Hat Linux package, tested by the quality assurance team, and released as an errata update. If the announcement does not include a patch, a Red Hat Linux developer will work with the maintainer of the package to fix the problem. After the problem is fixed, it is tested and released as an errata update.

If you are using a package for which a security errata report is released, it is highly recommended that you update to the security errata packages as soon as they are released to minimize the time your system is exploitable.

Not only do you want to update to the latest packages that fix any security exploits, but you also want to make sure the latest packages do not contain further exploits such as a trojan horse. A cracker can easily rebuild a version of a package (with the same version number as the one that is supposed to fix the problem) but with a different security exploit in the package and release it on the Internet. If this happens, security measures such as verifying files against the original RPM will not detect the exploit, because the files match the trojaned RPM. Thus, it is very important that you only download RPMs from trusted sources, such as Red Hat, Inc., and check the signature of the package to make sure it was built by that source.
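As an added example (not part of the original guide), the following POSIX shell helper interprets the output of rpm --checksig (rpm -K) strictly, so that an unsigned package, an invalid signature, and a signature from a key that has not been imported are all refused instead of passing a naive search for "OK". The sample output lines are constructed in the rpm 4.x format; verify_rpm_file assumes rpm 4.1 or later and that the vendor's public key has already been imported with rpm --import.

```shell
#!/bin/sh
# Added example: strict interpretation of 'rpm --checksig' (rpm -K) output.
# Output formats handled are those of rpm 4.x (constructed samples):
#   pkg.rpm: md5 gpg OK                                     signed, key imported
#   pkg.rpm: md5 OK                                         digest only: UNSIGNED
#   pkg.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#01234567)  key not imported
#   pkg.rpm: md5 GPG NOT OK                                 signature invalid
#   pkg.rpm: digests signatures OK                          newer rpm, valid

# Classify one output line. Prints OK, UNSIGNED, MISSING_KEY or BAD and
# returns 0 only for OK. A naive 'grep OK' would accept all five lines above.
rpm_sig_status() {
    # Drop the "filename: " prefix so a name containing "gpg" cannot match.
    rest=${1#*: }
    case $rest in
        *"MISSING KEYS"*)   echo MISSING_KEY; return 1 ;;
        *"NOT OK"*)         echo BAD;         return 1 ;;
        *[Gg][Pp][Gg]*" OK" | *[Pp][Gg][Pp]*" OK" | *"signatures OK")
                            echo OK;          return 0 ;;
        *" OK")             echo UNSIGNED;    return 1 ;;
        *)                  echo BAD;         return 1 ;;
    esac
}

# Check a package file on disk before installing it. Assumes rpm 4.1 or
# later with the vendor's public key already imported via
#   rpm --import /path/to/RPM-GPG-KEY
verify_rpm_file() {
    out=$(rpm --checksig "$1" 2>&1) || true
    rpm_sig_status "$out"
}

# Usage: sh check-rpm.sh package.rpm  (only runs when rpm is installed)
if [ -n "$1" ] && command -v rpm >/dev/null 2>&1; then
    verify_rpm_file "$1"
fi
```

Only the OK result should be treated as a go-ahead to install; UNSIGNED means the package carries a digest but no vendor signature at all.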

Red Hat offers two ways to retrieve security updates:

  1. Download from Red Hat Network

  2. Download from the Red Hat Linux Errata website

3.1. Using Red Hat Network

Red Hat Network allows you to automate most of the update process. It determines which RPM packages are necessary for your system, downloads them from a secure repository, verifies the RPM signature to make sure they have not been tampered with, and updates them. The package install can occur immediately or can be scheduled during a certain time period.

Red Hat Network requires you to provide a System Profile for each machine that you want updated. The System Profile contains hardware and software information about the system. This information is kept confidential and not given to anyone else. It is only used to determine which errata updates are applicable to each system. Without it, Red Hat Network cannot determine whether your system needs updates. When a security errata (or any type of errata) is released, Red Hat Network will send you an email with a description of the errata as well as which of your systems are affected. To apply the update, you can use the Red Hat Update Agent or schedule the package to be updated through the website http://rhn.redhat.com.

To learn more about the benefits of Red Hat Network, refer to the Red Hat Network Reference Guide available at http://www.redhat.com/docs/manuals/RHNetwork/ or visit http://rhn.redhat.com.