In the light of the latest vulnerabilities Meltdown and Spectre, it is recommended to patch your services as soon as possible to minimise any exposure. There are multiple ways to check which errata and patching is outstanding on your RHEL hosts. If you’re accustomed to the Red Hat Satellite 6 GUI or as a Satellite administrator, you may not have access to certain RHEL hosts, you can still check which hosts have outstanding security errata.
The first way to check an individual host, would be to check the host details.
Hosts –> Content Hosts
Pick the content host you wish to see what errata is outstanding by clicking on the number next to the red security icon.
In the below picture you can see two servers. One that has no applicable updates, bug fixes and product enhancements (voyager.lab.dev) while the other host (discovery.lab.dev) has a number of outstanding updates that need to be applied.
It will bring up a page of all the applicable Errata, you can click on the individual Red hat Security Advisory to bring up further details, which CVE’s are applicable etc. You can also click through the affected CVE link and it will bring you to the offical Red Hat page with further details of the CVE.
In the below image, you can see that the latest Red Hat Security Advisory RHSA-2018:0007 is applicable to this host.
What if you wanted to check all your hosts that have a particular errata outstanding
Navigate to Content –> Errata
It will bring up a list of all Errata is applicable to all hosts, however we want to narrow this down. In the search field you will need to type:
id = RHSA-2018:0007 (we’ll keep with the common theme here)
Select Content Hosts and it will bring up all content hosts that have the following Errata applicable. You can remotely install the errata if you chose to however Katello Agent requires to be installed for this.
The below image indicates the following hosts have RHSA-2017:0008 outstanding and can be applied from the Satellite 6 GUI.
You can perform these functions on individual hosts through the yum security plugin however this may not be feasible if you do not have access to the host. Red Hat Satellite 6 will not reboot your hosts, this requires the owner to develop a strategy on when to reboot a host, particularly if it’s a production host and can lead to an outage.