
The question here is similar, but not identical, to my (broader) question, which is:

TL;DR version

Are there any tools for CentOS 6 (preferably in the base or EPEL repos) which provide any or all of the following functionality:

  • list packages which need updating for security reasons
  • list packages which (1) need updating and have (2) been in CESAs / RHSAs recently (i.e. within the last two months). (This assumes that important security updates released earlier than that have already been tested, approved, and deployed)
  • list the associated RHSAs or CESAs associated with the above

Why?

The yum-plugin-security package alone and unmodified is not enough.

On CentOS, the yum-security plugin doesn't give complete results. Some installed packages which have had CESA + RHSA updates within the last week are not listed when running yum --security check-update, including updates to the kernel (!). Other packages, e.g. openssh and openssl, are listed.

While I could write a tool with the second two pieces of functionality within about a day or two by spidering the CentOS announce mailing list archives, I'd much rather work with / work on an existing tool rather than reinvent the wheel.

1 Answer

Red Hat curates its package updates for which ones are security related. There is nothing in the rpm spec that allows a packager to explicitly mark a package update as 'security', so RH has to do (paid) work to maintain that. CentOS does not have a reliable equivalent.

Jason Martin
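A sketch of the cross-reference the question describes, added here as an example (it is not code from the question or the answer): it matches package names from yum check-update output against CESA subject lines from the CentOS-announce list and keeps advisories from the last 60 days. The subject-line layout, the tab-separated input format, the function names and all sample data are assumptions constructed for illustration; it is written for Python 3.7+.

```python
import re
from datetime import date, timedelta

# Assumed subject layout: "CESA-YYYY:NNNN <severity> CentOS <rel> <pkg> [Security] Update"
CESA_RE = re.compile(r"(CESA-\d{4}:\d{4,5})\s+(Critical|Important|Moderate|Low)\s+"
                     r"CentOS\s+(\d+)\s+(\S+)\s+(?:Security\s+)?Update")

# Constructed sample input: "date<TAB>subject" per list message; ids are placeholders.
SAMPLE_ANNOUNCE = """\
2014-02-20\tCESA-0000:0001 Important CentOS 6 kernel Security Update
2014-02-25\tCESA-0000:0002 Moderate CentOS 6 openssl Update
2013-10-01\tCESA-0000:0003 Low CentOS 6 bash Security Update
2014-02-26\tCEBA-0000:0004 CentOS 6 tzdata Update
2014-02-27\tCESA-0000:0005 Important CentOS 5 kernel Security Update
"""
# Constructed sample of yum check-update output (versions are placeholders).
SAMPLE_CHECK_UPDATE = """\
Loaded plugins: fastestmirror
bash.x86_64                 0.0-1.el6    updates
java-1.7.0-openjdk.x86_64   0.0-1.el6    updates
kernel.x86_64               0.0-1.el6    updates
openssl.x86_64              0.0-1.el6    updates
"""

def pending_from_check_update(text):
    """Return the set of package names (arch stripped) with an update pending."""
    names = set()
    for line in text.splitlines():
        if line.startswith("Obsoleting Packages"):
            break  # the obsoletes section lists replaced packages, not updates
        fields = line.split()
        if len(fields) == 3 and "." in fields[0]:
            names.add(fields[0].rsplit(".", 1)[0])  # names may contain dots
    return names

def parse_advisories(text):
    """Yield (date, cesa_id, severity, release, package); skip non-CESA mail."""
    for line in text.splitlines():
        stamp, _, subject = line.partition("\t")
        m = CESA_RE.search(subject)
        if m:
            yield (date.fromisoformat(stamp),) + m.groups()

def recent_security_updates(pending, advisories, today, release="6", days=60):
    """Map pending package -> [(cesa_id, severity, date)] issued within `days`."""
    hits = {}
    for when, cesa, sev, rel, pkg in advisories:
        if rel == release and pkg in pending and when >= today - timedelta(days=days):
            hits.setdefault(pkg, []).append((cesa, sev, when.isoformat()))
    return hits
```

Because the match is on package name only, a hit means an advisory exists for a package that has some update pending, not that the pending version is the one the advisory shipped.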