Red Hat Enterprise Linuxのマイナーリリースは固定せずに適宜アップデートして欲しい件

Red Hat Enterprise Linuxのマイナーリリースは固定せずに適宜アップデートして欲しい件

Clock Icon2023.07.31




皆さんは定期的にRed Hat Enterprise Linux(以降RHEL)のマイナーリリースは固定して運用されていますか? 全てのパッケージのマイナーリリースを固定するのは止めましょう。



抜粋 : Red Hat Enterprise Linux ライフサイクル EUS, AUS, ELSの考え方 P.4


Errataの重要度や優先度が限定的ではありますが、特定マイナーリリースのサポート期間を2年間に延長する仕組みとしてEUS(Extended Update Support)があります。


2023/8/2 追記 : RHELのライセンス込みのAMIを使った従量課金インスタンスでもEUSを使えることを確認しました。以下記事で検証しているのでご覧ください。


注意: システム全体をアクティブなマイナーリリースにアップデートする必要はありません。影響を受けている特定のパッケージだけをアップデートしてください。

RHEL の特定リリースに関するサポート状況 - Red Hat Customer Portal 


Red Hat では、システムのパッケージが 1 つのマイナーリリースで完全に構成されている必要はありませんが、カーネルバージョンと /etc/redhat-release の内容の 2 点が、追加のユーザー領域のパッケージのアップデート状態を深く調べることなく、マイナーリリースを判別する助けになると、多くの人々は考えています。また、マイナーリリースとは、同じ日に公開される数百ものエラータを集約して、便宜上ひとつのリリースとラベル付けされたものと考えることもできます。

メジャーリリース、マイナーリリース、および非同期リリースはそれぞれどのような点が異なりますか? - Red Hat Customer Portal

RHELのライフサイクルや特定リリースに対するサポート方針については以下Red Hat公式ドキュメントをご覧ください。



  • RHELの標準的なポリシーとして、最新ではないマイナーバージョンについては新規修正が行われない
  • 最新でないマイナーリリースを指定してアップデートすると、最新バージョンのパッケージにセキュリティの修正があったとしても、その最新バージョンまでアップデートされない
  • 塩漬けはせずに適宜アップデートしよう



検証用のEC2インスタンスとしてRHEL 8.5のEC2インスタンスを用意しました。


  • RHEL-8.5.0_HVM-20211103-x86_64-0-Hourly2-GP2
  • ami-06644055bed38ebd9


$ sudo dnf search httpd --showduplicates | grep ": Apache HTTP Server" | sort
Last metadata expiration check: 0:04:27 ago on Sun 30 Jul 2023 12:04:13 PM UTC.
httpd-2.4.37-10.module+el8+2764+7127e69e.x86_64 : Apache HTTP Server
httpd-2.4.37-11.module+el8.0.0+2969+90015743.x86_64 : Apache HTTP Server
httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da.x86_64 : Apache HTTP Server
httpd-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64 : Apache HTTP Server
httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64 : Apache HTTP Server
httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 : Apache HTTP Server
httpd-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64 : Apache HTTP Server
httpd-2.4.37-39.module+el8.4.0+13086+7519fa2d.2.x86_64 : Apache HTTP Server
httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64 : Apache HTTP Server
httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64 : Apache HTTP Server
httpd-2.4.37-43.module+el8.5.0+13064+c4b14997.x86_64 : Apache HTTP Server
httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64 : Apache HTTP Server
httpd-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64 : Apache HTTP Server
httpd-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64 : Apache HTTP Server
httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 : Apache HTTP Server
httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64 : Apache HTTP Server
httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 : Apache HTTP Server
httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64 : Apache HTTP Server
httpd-2.4.37-51.module+el8.7.0+18499+2e106f0b.5.x86_64 : Apache HTTP Server
httpd-2.4.37-56.module+el8.8.0+18556+a66138c1.4.x86_64 : Apache HTTP Server
httpd-2.4.37-56.module+el8.8.0+18758+b3a9c8da.6.x86_64 : Apache HTTP Server

RHEL 8.8のhttpdまで表示されましたね。


$ sudo dnf install httpd
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:12:44 ago on Sun 30 Jul 2023 12:25:41 PM UTC.
Dependencies resolved.
 Package                       Architecture      Version                                                 Repository                             Size
 httpd                         x86_64            2.4.37-56.module+el8.8.0+18758+b3a9c8da.6               rhel-8-appstream-rhui-rpms            1.4 M
Installing dependencies:
 apr                           x86_64            1.6.3-12.el8                                            rhel-8-appstream-rhui-rpms            130 k
 apr-util                      x86_64            1.6.1-6.el8_8.1                                         rhel-8-appstream-rhui-rpms            105 k
 httpd-filesystem              noarch            2.4.37-56.module+el8.8.0+18758+b3a9c8da.6               rhel-8-appstream-rhui-rpms             43 k
 httpd-tools                   x86_64            2.4.37-56.module+el8.8.0+18758+b3a9c8da.6               rhel-8-appstream-rhui-rpms            110 k
 mailcap                       noarch            2.1.48-3.el8                                            rhel-8-baseos-rhui-rpms                39 k
 mod_http2                     x86_64            1.15.7-8.module+el8.8.0+18751+b4557bca.3                rhel-8-appstream-rhui-rpms            155 k
 redhat-logos-httpd            noarch            84.5-1.el8                                              rhel-8-baseos-rhui-rpms                29 k
Installing weak dependencies:
 apr-util-bdb                  x86_64            1.6.1-6.el8_8.1                                         rhel-8-appstream-rhui-rpms             25 k
 apr-util-openssl              x86_64            1.6.1-6.el8_8.1                                         rhel-8-appstream-rhui-rpms             27 k
Enabling module streams:
 httpd                                           2.4

Transaction Summary
Install  10 Packages

Total download size: 2.1 M
Installed size: 5.5 M
Is this ok [y/N]: N
Operation aborted.





$ man dnf
      Configure  DNF  as  if  the distribution release was <release>. This can affect cache paths, values in configuration files and 
      mirrorlist URLs.


$ cat /etc/yum.repos.d/redhat-rhui.repo
name=Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (RPMs)
name=Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (RPMs)


$ sudo dnf search httpd --showduplicates --releasever=8.6 | grep ": Apache HTTP Server" | sort
Red Hat Enterprise Linux 8 for x86_64 - AppStre  75 MB/s |  47 MB     00:00
Red Hat Enterprise Linux 8 for x86_64 - BaseOS   78 MB/s |  53 MB     00:00
Last metadata expiration check: 0:00:12 ago on Sun 30 Jul 2023 12:09:42 PM UTC.
httpd-2.4.37-10.module+el8+2764+7127e69e.x86_64 : Apache HTTP Server
httpd-2.4.37-11.module+el8.0.0+2969+90015743.x86_64 : Apache HTTP Server
httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da.x86_64 : Apache HTTP Server
httpd-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64 : Apache HTTP Server
httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64 : Apache HTTP Server
httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64 : Apache HTTP Server
httpd-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64 : Apache HTTP Server
httpd-2.4.37-39.module+el8.4.0+13086+7519fa2d.2.x86_64 : Apache HTTP Server
httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64 : Apache HTTP Server
httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64 : Apache HTTP Server
httpd-2.4.37-43.module+el8.5.0+13064+c4b14997.x86_64 : Apache HTTP Server
httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1.x86_64 : Apache HTTP Server
httpd-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64 : Apache HTTP Server
httpd-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64 : Apache HTTP Server
httpd-2.4.37-47.module+el8.6.0+14529+083145da.1.x86_64 : Apache HTTP Server
httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64 : Apache HTTP Server

RHEL 8.6までのものしか表示されなくなりましたね。

マイナーリリースRHEL 8.6を指定してにインストールされるhttpdのバージョンを確認します。

$ sudo dnf install httpd --releasever=8.6
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:14:16 ago on Sun 30 Jul 2023 12:25:41 PM UTC.
Dependencies resolved.
 Package                       Architecture      Version                                                 Repository                             Size
 httpd                         x86_64            2.4.37-47.module+el8.6.0+15654+427eba2e.2               rhel-8-appstream-rhui-rpms            1.4 M
Installing dependencies:
 apr                           x86_64            1.6.3-12.el8                                            rhel-8-appstream-rhui-rpms            130 k
 apr-util                      x86_64            1.6.1-6.el8                                             rhel-8-appstream-rhui-rpms            105 k
 httpd-filesystem              noarch            2.4.37-47.module+el8.6.0+15654+427eba2e.2               rhel-8-appstream-rhui-rpms             41 k
 httpd-tools                   x86_64            2.4.37-47.module+el8.6.0+15654+427eba2e.2               rhel-8-appstream-rhui-rpms            108 k
 mailcap                       noarch            2.1.48-3.el8                                            rhel-8-baseos-rhui-rpms                39 k
 mod_http2                     x86_64            1.15.7-5.module+el8.6.0+13996+01710940                  rhel-8-appstream-rhui-rpms            155 k
 redhat-logos-httpd            noarch            84.5-1.el8                                              rhel-8-baseos-rhui-rpms                29 k
Installing weak dependencies:
 apr-util-bdb                  x86_64            1.6.1-6.el8                                             rhel-8-appstream-rhui-rpms             25 k
 apr-util-openssl              x86_64            1.6.1-6.el8                                             rhel-8-appstream-rhui-rpms             27 k
Enabling module streams:
 httpd                                           2.4

Transaction Summary
Install  10 Packages

Total download size: 2.1 M
Installed size: 5.5 M
Is this ok [y/N]: N
Operation aborted.

RHEL 8.6の最新のhttpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64であることが分かりました。





Errata一覧および、その内容はRed Hat Product Errataから確認できます。


まず、dnf updateinfoで現在適用できるErrataの数と種類を表示します。

$ sudo dnf updateinfo
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:14:01 ago on Sun 30 Jul 2023 12:04:13 PM UTC.
Updates Information Summary: available
    114 Security notice(s)
         38 Important Security notice(s)
         70 Moderate Security notice(s)
          6 Low Security notice(s)
    320 Bugfix notice(s)
     11 Enhancement notice(s)


dnf updateinfo listで各Errataとパッケージのリストを表示します。

$ sudo dnf updateinfo list
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:14:23 ago on Sun 30 Jul 2023 12:04:13 PM UTC.
RHBA-2022:1549 bugfix         NetworkManager-1:1.32.10-5.el8_5.x86_64
RHEA-2022:1985 enhancement    NetworkManager-1:1.36.0-4.el8.x86_64
RHBA-2022:5320 bugfix         NetworkManager-1:1.36.0-7.el8_6.x86_64
RHBA-2022:7104 bugfix         NetworkManager-1:1.36.0-9.el8_6.x86_64
RHSA-2022:1642 Important/Sec. zlib-1.2.11-18.el8_5.x86_64
RHSA-2022:7106 Moderate/Sec.  zlib-1.2.11-19.el8_6.x86_64
RHBA-2022:7724 bugfix         zlib-1.2.11-20.el8.x86_64
RHBA-2023:0090 bugfix         zlib-1.2.11-21.el8_7.x86_64

Errataの詳細はdnf updateinfo --infoで確認できます。


$ sudo dnf updateinfo --info zlib
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:20:36 ago on Sun 30 Jul 2023 12:04:13 PM UTC.
  Important: zlib security update
  Update ID: RHSA-2022:1642
       Type: security
    Updated: 2022-04-28 14:07:14
       Bugs: 2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
       CVEs: CVE-2018-25032
Description: The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
           : Security Fix(es):
           : * zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)
           : For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, referto the CVE page(s) listed in the References section.
   Severity: Important

  Moderate: zlib security update
  Update ID: RHSA-2022:7106
       Type: security
    Updated: 2022-10-25 07:22:56
       Bugs: 2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
       CVEs: CVE-2022-37434
Description: The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
           : Security Fix(es):
           : * zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
           : For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, referto the CVE page(s) listed in the References section.
   Severity: Moderate

  zlib bug fix and enhancement update
  Update ID: RHBA-2022:7724
       Type: bugfix
    Updated: 2022-11-08 06:27:07
Description: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
   Severity: None

  zlib bug fix and enhancement update
  Update ID: RHBA-2023:0090
       Type: bugfix
    Updated: 2023-01-12 08:25:21
Description: The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
           : Bug Fix(es) and Enhancement(s):
           : * RHEL8.4 - zlib: inflate() does not update strm.adler if DFLTCC is used (BZ#2137336)
   Severity: None




$ sudo dnf upgrade zlib
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:01:10 ago on Sun 30 Jul 2023 12:25:41 PM UTC.
Dependencies resolved.
 Package                    Architecture                 Version                                 Repository                                     Size
 zlib                       x86_64                       1.2.11-21.el8_7                         rhel-8-baseos-rhui-rpms                       103 k

Transaction Summary
Upgrade  1 Package

Total download size: 103 k
Is this ok [y/N]: N
Operation aborted.

今回は試しにzlibをRHEL 8.6のパッケージまでアップデートしてみて、dnf updateinfoの結果がどのようになるか確認します。

# RHEL 8.6のパッケージまでアップデート
$ sudo dnf upgrade zlib --releasever=8.6
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:02:27 ago on Sun 30 Jul 2023 12:25:41 PM UTC.
Dependencies resolved.
 Package                    Architecture                 Version                                 Repository                                     Size
 zlib                       x86_64                       1.2.11-19.el8_6                         rhel-8-baseos-rhui-rpms                       103 k

Transaction Summary
Upgrade  1 Package

Total download size: 103 k
Is this ok [y/N]: y
Downloading Packages:
zlib-1.2.11-19.el8_6.x86_64.rpm                                                                                      3.3 MB/s | 103 kB     00:00
Total                                                                                                                1.3 MB/s | 103 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                             1/1
  Upgrading        : zlib-1.2.11-19.el8_6.x86_64                                                                                                 1/2
  Cleanup          : zlib-1.2.11-17.el8.x86_64                                                                                                   2/2
  Running scriptlet: zlib-1.2.11-17.el8.x86_64                                                                                                   2/2
  Verifying        : zlib-1.2.11-19.el8_6.x86_64                                                                                                 1/2
  Verifying        : zlib-1.2.11-17.el8.x86_64                                                                                                   2/2
Installed products updated.



# アップデート後のzlibに適用可能なErrata一覧
$ sudo dnf updateinfo --info zlib
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:03:28 ago on Sun 30 Jul 2023 12:25:41 PM UTC.
  zlib bug fix and enhancement update
  Update ID: RHBA-2022:7724
       Type: bugfix
    Updated: 2022-11-08 06:27:07
Description: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
   Severity: None

  zlib bug fix and enhancement update
  Update ID: RHBA-2023:0090
       Type: bugfix
    Updated: 2023-01-12 08:25:21
Description: The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
           : Bug Fix(es) and Enhancement(s):
           : * RHEL8.4 - zlib: inflate() does not update strm.adler if DFLTCC is used (BZ#2137336)
   Severity: None

# 適用可能なErrata数
$ sudo dnf updateinfo
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:03:54 ago on Sun 30 Jul 2023 12:25:41 PM UTC.
Updates Information Summary: available
    112 Security notice(s)
         37 Important Security notice(s)
         69 Moderate Security notice(s)
          6 Low Security notice(s)
    320 Bugfix notice(s)
     11 Enhancement notice(s)

Security notice(s)が114から112と2つ減りましたね。zlib-1.2.11-19.el8_6.x86_64にしたことでRHSA-2022:1642RHSA-2022:7106が適用されたためです。



最後に、dnf upgradeで全てのパッケージをアップデートします。

まず、RHEL 8.6を指定した場合です。

$ sudo dnf upgrade --releasever=8.6
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:58:45 ago on Sun 30 Jul 2023 12:25:41 PM UTC.
Dependencies resolved.
 Package                                      Architecture Version                                           Repository                         Size
 kernel                                       x86_64       4.18.0-372.32.1.el8_6                             rhel-8-baseos-rhui-rpms           8.1 M
 kernel-core                                  x86_64       4.18.0-372.32.1.el8_6                             rhel-8-baseos-rhui-rpms            40 M
 kernel-modules                               x86_64       4.18.0-372.32.1.el8_6                             rhel-8-baseos-rhui-rpms            32 M
 NetworkManager                               x86_64       1:1.36.0-9.el8_6                                  rhel-8-baseos-rhui-rpms           2.3 M
 NetworkManager-cloud-setup                   x86_64       1:1.36.0-9.el8_6                                  rhel-8-appstream-rhui-rpms        190 k
Installing dependencies:
 NetworkManager-initscripts-updown            noarch       1:1.36.0-9.el8_6                                  rhel-8-baseos-rhui-rpms           138 k
 amazon-libdnf-plugin                         x86_64       1.0.1-1.el8                                       rhui-client-config-server-8        15 k
 grub2-tools-efi                              x86_64       1:2.02-123.el8_6.8                                rhel-8-baseos-rhui-rpms           477 k
 python3-netifaces                            x86_64       0.10.6-4.el8                                      rhel-8-appstream-rhui-rpms         25 k
Installing weak dependencies:
 glibc-gconv-extra                            x86_64       2.28-189.5.el8_6                                  rhel-8-baseos-rhui-rpms           1.5 M
Enabling module streams:
 virt                                                      rhel

Transaction Summary
Install    8 Packages
Upgrade  194 Packages

Total download size: 449 M
Is this ok [y/N]: y
Downloading Packages:
(1/202): python3-netifaces-0.10.6-4.el8.x86_64.rpm                                                                   626 kB/s |  25 kB     00:00
(2/202): glibc-gconv-extra-2.28-189.5.el8_6.x86_64.rpm                                                                27 MB/s | 1.5 MB     00:00
(3/202): grub2-tools-efi-2.02-123.el8_6.8.x86_64.rpm                                                                 7.2 MB/s | 477 kB     00:00
(4/202): kernel-modules-4.18.0-372.32.1.el8_6.x86_64.rpm                                                              54 MB/s |  32 MB     00:00
(5/202): NetworkManager-initscripts-updown-1.36.0-9.el8_6.noarch.rpm                                                 248 kB/s | 138 kB     00:00
(6/202): amazon-libdnf-plugin-1.0.1-1.el8.x86_64.rpm                                                                 671 kB/s |  15 kB     00:00
  vim-minimal-2:8.0.1763-19.el8_6.4.x86_64                            virt-what-1.18-13.el8.x86_64
  which-2.21-17.el8.x86_64                                            xfsprogs-5.0.0-10.el8.x86_64
  xz-5.2.4-4.el8_6.x86_64                                             xz-libs-5.2.4-4.el8_6.x86_64
  yum-4.7.0-8.el8.noarch                                              yum-utils-4.0.21-11.el8.noarch
  NetworkManager-initscripts-updown-1:1.36.0-9.el8_6.noarch   amazon-libdnf-plugin-1.0.1-1.el8.x86_64   glibc-gconv-extra-2.28-189.5.el8_6.x86_64
  grub2-tools-efi-1:2.02-123.el8_6.8.x86_64                   kernel-4.18.0-372.32.1.el8_6.x86_64       kernel-core-4.18.0-372.32.1.el8_6.x86_64
  kernel-modules-4.18.0-372.32.1.el8_6.x86_64                 python3-netifaces-0.10.6-4.el8.x86_64



$ sudo dnf updateinfo
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Red Hat Enterprise Linux 8 for x86_64 - AppStream from RHUI (RPMs)                                                    83 MB/s |  58 MB     00:00
Red Hat Enterprise Linux 8 for x86_64 - BaseOS from RHUI (RPMs)                                                       83 MB/s |  62 MB     00:00
Red Hat Ansible Engine 2 for RHEL 8 (RPMs) from RHUI                                                                  18 MB/s | 2.5 MB     00:00
RHUI Client Configuration Server 8                                                                                    45 kB/s | 3.7 kB     00:00
Updates Information Summary: available
     62 Security notice(s)
         22 Important Security notice(s)
         37 Moderate Security notice(s)
          3 Low Security notice(s)
    183 Bugfix notice(s)
      5 Enhancement notice(s)
Security: kernel-core-4.18.0-372.32.1.el8_6.x86_64 is an installed security update
Security: kernel-core-4.18.0-348.el8.x86_64 is the currently running version


ちなみにSecurity: kernel-core-4.18.0-348.el8.x86_64 is the currently running versionはOSを再起動していないため、アップデート前のバージョンのカーネルで動作していることを指しています。


$ sudo dnf upgrade
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:01:39 ago on Sun 30 Jul 2023 01:33:45 PM UTC.
Dependencies resolved.
 Package                                      Architecture Version                                            Repository                        Size
 kernel                                       x86_64       4.18.0-477.15.1.el8_8                              rhel-8-baseos-rhui-rpms          9.4 M
 kernel-core                                  x86_64       4.18.0-477.15.1.el8_8                              rhel-8-baseos-rhui-rpms           42 M
 kernel-modules                               x86_64       4.18.0-477.15.1.el8_8                              rhel-8-baseos-rhui-rpms           34 M
 NetworkManager                               x86_64       1:1.40.16-3.el8_8                                  rhel-8-baseos-rhui-rpms          2.3 M
 NetworkManager-cloud-setup                   x86_64       1:1.40.16-3.el8_8                                  rhel-8-appstream-rhui-rpms       196 k
Installing dependencies:
 policycoreutils-python-utils                 noarch       2.9-24.el8                                         rhel-8-baseos-rhui-rpms          254 k
 python3-systemd                              x86_64       234-8.el8                                          rhel-8-appstream-rhui-rpms        81 k

Transaction Summary
Install    5 Packages
Upgrade  217 Packages

Total download size: 530 M
Is this ok [y/N]: y
Downloading Packages:
(1/222): python3-systemd-234-8.el8.x86_64.rpm                                                                        1.7 MB/s |  81 kB     00:00
(2/222): policycoreutils-python-utils-2.9-24.el8.noarch.rpm                                                          4.5 MB/s | 254 kB     00:00
(3/222): kernel-4.18.0-477.15.1.el8_8.x86_64.rpm                                                                      35 MB/s | 9.4 MB     00:00
  which-2.21-18.el8.x86_64                                                     xfsprogs-5.0.0-11.el8_8.x86_64
  yum-4.7.0-16.el8_8.noarch                                                    yum-utils-4.0.21-19.el8_8.noarch
  kernel-4.18.0-477.15.1.el8_8.x86_64                 kernel-core-4.18.0-477.15.1.el8_8.x86_64      kernel-modules-4.18.0-477.15.1.el8_8.x86_64
  policycoreutils-python-utils-2.9-24.el8.noarch      python3-systemd-234-8.el8.x86_64



$ sudo dnf updateinfo
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:11:47 ago on Sun 30 Jul 2023 01:33:45 PM UTC.
Updates Information Summary: available
    18 Security notice(s)
        14 Important Security notice(s)
         4 Moderate Security notice(s)
Security: kernel-core-4.18.0-477.15.1.el8_8.x86_64 is an installed security update
Security: kernel-core-4.18.0-348.el8.x86_64 is the currently running version


$ sudo dnf updateinfo --list
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:12:12 ago on Sun 30 Jul 2023 01:33:45 PM UTC.
RHSA-2022:0188 Important/Sec. kernel-4.18.0-348.12.2.el8_5.x86_64
RHSA-2021:4647 Important/Sec. kernel-4.18.0-348.2.1.el8_5.x86_64
RHSA-2022:0825 Important/Sec. kernel-4.18.0-348.20.1.el8_5.x86_64
RHSA-2022:1550 Important/Sec. kernel-4.18.0-348.23.1.el8_5.x86_64
RHSA-2021:5227 Moderate/Sec.  kernel-4.18.0-348.7.1.el8_5.x86_64
RHSA-2022:5316 Important/Sec. kernel-4.18.0-372.13.1.el8_6.x86_64
RHSA-2022:5564 Important/Sec. kernel-4.18.0-372.16.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:1988 Important/Sec. kernel-4.18.0-372.9.1.el8.x86_64
RHSA-2023:0101 Important/Sec. kernel-4.18.0-425.10.1.el8_7.x86_64
RHSA-2023:0832 Important/Sec. kernel-4.18.0-425.13.1.el8_7.x86_64
RHSA-2023:1566 Important/Sec. kernel-4.18.0-425.19.2.el8_7.x86_64
RHSA-2022:7683 Moderate/Sec.  kernel-4.18.0-425.3.1.el8.x86_64
RHSA-2023:2951 Important/Sec. kernel-4.18.0-477.10.1.el8_8.x86_64
RHSA-2023:3349 Important/Sec. kernel-4.18.0-477.13.1.el8_8.x86_64
RHSA-2023:3847 Moderate/Sec.  kernel-4.18.0-477.15.1.el8_8.x86_64
RHSA-2022:0188 Important/Sec. kernel-core-4.18.0-348.12.2.el8_5.x86_64
RHSA-2021:4647 Important/Sec. kernel-core-4.18.0-348.2.1.el8_5.x86_64
RHSA-2022:0825 Important/Sec. kernel-core-4.18.0-348.20.1.el8_5.x86_64
RHSA-2022:1550 Important/Sec. kernel-core-4.18.0-348.23.1.el8_5.x86_64
RHSA-2021:5227 Moderate/Sec.  kernel-core-4.18.0-348.7.1.el8_5.x86_64
RHSA-2022:5316 Important/Sec. kernel-core-4.18.0-372.13.1.el8_6.x86_64
RHSA-2022:5564 Important/Sec. kernel-core-4.18.0-372.16.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-core-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-core-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:1988 Important/Sec. kernel-core-4.18.0-372.9.1.el8.x86_64
RHSA-2023:0101 Important/Sec. kernel-core-4.18.0-425.10.1.el8_7.x86_64
RHSA-2023:0832 Important/Sec. kernel-core-4.18.0-425.13.1.el8_7.x86_64
RHSA-2023:1566 Important/Sec. kernel-core-4.18.0-425.19.2.el8_7.x86_64
RHSA-2022:7683 Moderate/Sec.  kernel-core-4.18.0-425.3.1.el8.x86_64
RHSA-2023:2951 Important/Sec. kernel-core-4.18.0-477.10.1.el8_8.x86_64
RHSA-2023:3349 Important/Sec. kernel-core-4.18.0-477.13.1.el8_8.x86_64
RHSA-2023:3847 Moderate/Sec.  kernel-core-4.18.0-477.15.1.el8_8.x86_64
RHSA-2022:0188 Important/Sec. kernel-modules-4.18.0-348.12.2.el8_5.x86_64
RHSA-2021:4647 Important/Sec. kernel-modules-4.18.0-348.2.1.el8_5.x86_64
RHSA-2022:0825 Important/Sec. kernel-modules-4.18.0-348.20.1.el8_5.x86_64
RHSA-2022:1550 Important/Sec. kernel-modules-4.18.0-348.23.1.el8_5.x86_64
RHSA-2021:5227 Moderate/Sec.  kernel-modules-4.18.0-348.7.1.el8_5.x86_64
RHSA-2022:5316 Important/Sec. kernel-modules-4.18.0-372.13.1.el8_6.x86_64
RHSA-2022:5564 Important/Sec. kernel-modules-4.18.0-372.16.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-modules-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-modules-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:1988 Important/Sec. kernel-modules-4.18.0-372.9.1.el8.x86_64
RHSA-2023:0101 Important/Sec. kernel-modules-4.18.0-425.10.1.el8_7.x86_64
RHSA-2023:0832 Important/Sec. kernel-modules-4.18.0-425.13.1.el8_7.x86_64
RHSA-2023:1566 Important/Sec. kernel-modules-4.18.0-425.19.2.el8_7.x86_64
RHSA-2022:7683 Moderate/Sec.  kernel-modules-4.18.0-425.3.1.el8.x86_64
RHSA-2023:2951 Important/Sec. kernel-modules-4.18.0-477.10.1.el8_8.x86_64
RHSA-2023:3349 Important/Sec. kernel-modules-4.18.0-477.13.1.el8_8.x86_64
RHSA-2023:3847 Moderate/Sec.  kernel-modules-4.18.0-477.15.1.el8_8.x86_64


# OS再起動
$ sudo systemctl reboot

# 適用可能なErrataの数確認
$ sudo dnf updateinfo
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:14:18 ago on Sun 30 Jul 2023 01:33:45 PM UTC.

# 適用可能なErrataのリスト表示
$ sudo dnf updateinfo --list
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:14:31 ago on Sun 30 Jul 2023 01:33:45 PM UTC.



Red Hat Enterprise Linuxのマイナーリリースは固定せず、適宜アップデートしなければ脆弱性があったとしても最新の修正を適用できないことをお伝えしました。

SSM Patch Managerなどを使用して適宜アップデートしてあげましょう。ただし、2023/7/31時点ではRHEL 9はサポート対象外であったりと、運用が始まる前にSSM Patch ManagerがサポートしているOSや前提条件は事前に確認しておきましょう。



重要: Red Hat に属さないソフトウェアベンダー (ISV) の中には、ソフトウェアベンダーのフルサポートを受けるためには、インストールされているパッケージが 1 つのマイナーリリースに限定するように定めているところもあります。1 台のシステムに複数のマイナーリリースからパッケージをインストールした場合のサポート状況については、ISV に確認してください。

メジャーリリース、マイナーリリース、および非同期リリースはそれぞれどのような点が異なりますか? - Red Hat Customer Portal


$ ls -l /etc/dnf/vars/
total 0

$ echo 8.6 | sudo tee /etc/dnf/vars/releasever > /dev/null

$ cat /etc/dnf/vars/releasever


以上、AWS事業本部 コンサルティング部の のんピ(@non____97)でした!


facebook logohatena logotwitter logo

© Classmethod, Inc. All rights reserved.