9.4 Listing and Applying Available Security Updates and Other Errata Using spacecmd

To list the security, bug-fix, and product-enhancement advisory errata that are available for a client system, use the system_listerrata command:

spacecmd {SSM:0}> system_listerrata svr1.mydom.com
Security Errata
---------------
ELSA-2015-1072  Moderate:  openssl security update                    6/4/15
ELSA-2015-0863  Moderate:  glibc security and bug fix update         4/21/15
ELSA-2015-0794  Moderate:  krb5 security update                       4/9/15
ELSA-2015-0715  Moderate:  openssl security update                   3/23/15
ELSA-2015-0700  Moderate:  unzip security update                     3/18/15
ELSA-2015-0672  Moderate:  bind security update                      3/12/15
ELSA-2015-0092  Critical:  glibc security update                     1/27/15
ELSA-2015-0074  Important:  jasper security update                   1/22/15
ELSA-2015-0066  Moderate:  openssl security update                   1/20/15
...

Bug Fix Errata
--------------
ELBA-2015-1085  db4 bug fix update                                   6/10/15
ELBA-2015-1033  glibc bug fix update                                 5/27/15
ELBA-2015-1018  lvm2 bug fix update                                  5/20/15
...

Enhancement Errata
------------------
ELEA-2015-0913   tzdata enhancement update                           4/28/15
ELEA-2015-0855   tzdata enhancement update                           4/18/15
ELEA-2015-3031   kexec-tools enhancement update                      4/17/15
...

To find out more details about an erratum, use the errata_details command.

spacecmd {SSM:0}> errata_details ELSA-2015-1115
Name:       ELSA-2015-1115
Product:    Oracle Linux 6
Type:       Security Advisory
Issue Date: 6/15/15

Topic
-----


Description
-----------
[1.0.1e-42.8] - improved fix for CVE-2015-1791 - add missing parts of
CVE-2015-0209 fix for corectness although unexploitable  [1.0.1e-42.7]
- fix CVE-2014-8176 - invalid free in DTLS buffering code - fix
CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix
CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix
CVE-2015-1791 - race condition handling NewSessionTicket - fix
CVE-2015-1792 - CMS verify infinite loop with unknown hash function -
fix CVE-2015-3216 - regression in RAND locking that can cause
segfaults on   read in multithreaded applications

CVEs
----
CVE-2014-8176
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-3216

Solution
--------


References
----------


Affected Channels
-----------------
ol6u6-x86_64

Affected Systems
----------------
3

Affected Packages
-----------------
openssl-1.0.1e-30.el6_6.11.i686
openssl-1.0.1e-30.el6_6.11.x86_64
openssl-devel-1.0.1e-30.el6_6.11.i686
openssl-devel-1.0.1e-30.el6_6.11.x86_64
openssl-perl-1.0.1e-30.el6_6.11.x86_64
openssl-static-1.0.1e-30.el6_6.11.x86_64

To find the errata that fix a CVE, use the errata_findbycve command.

spacecmd {SSM:0}> errata_findbycve CVE-2015-3216
CVE-2015-3216:
ELSA-2015-1115

To list the systems to which you could apply an erratum, use the errata_listaffectedsystems command.

spacecmd {SSM:0}> errata_listaffectedsystems ELSA-2015-1115
ELSA-2015-1115:
svr1.mydom.com
svr2.mydom.com
svr3.mydom.com

To apply an erratum to a system, use the system_applyerrata command.

spacecmd {SSM:0}> system_applyerrata svr1.mydom.com ELSA-2015-1115
Errata             Systems
--------------     -------
ELSA-2015-1115           1

Apply these errata [y/N]: y
INFO: Scheduled 1 system(s) for ELSA-2015-1115

You can apply errata to multiple systems by specifying the following arguments in place of a system name:

channel:channel_name

Matches systems that are subscribed to the specified software channel.

group:group_name

Specifies the systems in the named system group.

search:criterion:value

Matches systems that match a search criterion. See Section 8.3, “Searching for Systems Using spacecmd”.

ssm

Specifies the systems that are currently in the system set, for example:

spacecmd {SSM:0}> ssm_add svr2.mydom.com svr3.mydom.com
spacecmd {SSM:2}> system_applyerrata ssm ELSA-2015-1115
Errata             Systems
--------------     -------
ELSA-2015-1115           2

Apply these errata [y/N]: y
INFO: Scheduled 2 system(s) for ELSA-2015-1115
spacecmd {SSM:2}> ssm_clear
spacecmd {SSM:0}>