服务器的安全升级却是必须的，所以，下面介绍一个yum插件：yum-plugin-security 来进行安全性升级。

1.一般系统默认安装了yum-plugin-security，如果没有，则输入命令安装yum-plugin-security ：

$ sudo yum install yum-security

2. 如果是red hat 6，yum-plugin-security现在增加了了一个updateinfo命令。这个命令用来查看可安全更新的软件列表(只查看，不更新)，输入下面的命令：

复制代码代码如下:$ sudo yum updateinfo list security

输出：

复制代码代码如下:Loaded plugins: security, versionlock
CVE-2013-1619 security gnutls-2.8.5-10.el6_4.1.x86_64
CVE-2013-1493 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0809 security java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
CVE-2013-0268 security kernel-uek-2.6.39-400.17.2.el6uek.x86_64
CVE-2013-0268 security kernel-uek-firmware-2.6.39-400.17.2.el6uek.noarch
CVE-2012-4929 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0166 security openssl-1.0.0-27.el6_4.2.x86_64
CVE-2013-0169 security openssl-1.0.0-27.el6_4.2.x86_64
updateinfo list done

对于 red hat 或者 centos 5.x 版本而言，则使用下面的命令来查看可安全更新的软件列表：

复制代码代码如下:$ sudo yum list updates --security

升级需要安全更新的软件包，输入命令：

复制代码代码如下:$ sudo yum update --security

输出如下：

复制代码代码如下:Loaded plugins: security, versionlock
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
5 package(s) needed (+0 related) for security, out of 17 available
--> Running transaction check
---> Package gnutls.x86_64 0:2.8.5-10.el6 will be updated
---> Package gnutls.x86_64 0:2.8.5-10.el6_4.1 will be an update
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.56.1.11.8.el6_3 will be updated
---> Package java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 will be an update
---> Package kernel-uek.x86_64 0:2.6.39-400.17.2.el6uek will be installed
---> Package kernel-uek-firmware.noarch 0:2.6.39-400.17.2.el6uek will be installed
---> Package openssl.x86_64 0:1.0.0-27.el6 will be updated
---> Package openssl.x86_64 0:1.0.0-27.el6_4.2 will be an update
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel-uek.x86_64 0:2.6.39-300.17.3.el6uek will be erased
---> Package kernel-uek-firmware.noarch 0:2.6.39-300.17.3.el6uek will be erased
--> Finished Dependency Resolution</p><p> Dependencies Resolved</p><p> ================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel-uek x86_64 2.6.39-400.17.2.el6uek ol6_UEK_latest 27 M
kernel-uek-firmware noarch 2.6.39-400.17.2.el6uek ol6_UEK_latest 3.5 M
Updating:
gnutls x86_64 2.8.5-10.el6_4.1 ol6_latest 345 k
java-1.6.0-openjdk x86_64 1:1.6.0.0-1.57.1.11.9.el6_4 ol6_latest 25 M
openssl x86_64 1.0.0-27.el6_4.2 ol6_latest 1.4 M
Removing:
kernel-uek x86_64 2.6.39-300.17.3.el6uek @ol6_UEK_latest 99 M
kernel-uek-firmware noarch 2.6.39-300.17.3.el6uek @ol6_UEK_latest 5.0 M</p><p> Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 3 Package(s)
Remove 2 Package(s)</p><p> Total download size: 57 M
Is this ok [y/N]: //输入y，则确认升级

end！