Question: Is it possible to limit dnf so that it lists or installs only security updates? How can the system be patched with security errata only?
This post explains how to list and install security updates using dnf on CentOS/RHEL 8.
To list security updates
1. To list advisories about newer versions of installed packages (default):
# dnf updateinfo list --security
or
# dnf updateinfo list --security --available
2. To list advisories about any versions of installed packages:
# dnf updateinfo list --security --all
3. To list advisories about equal and older versions of installed packages:
# dnf updateinfo list --security --installed
4. To list security updates based on severity (Critical, Important, Moderate, Low):
# dnf updateinfo list --security --sec-severity [Severity]
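The listing commands above can feed a patch-compliance check. The script below is an added example, not part of the original post: it counts pending advisories and packages per severity and reports whether anything at or above a chosen severity is outstanding. The function names are hypothetical, the sample listing is constructed, and the script assumes the three-column layout (advisory ID, `Severity/Sec.`, package) that `dnf updateinfo list --security` prints.

```shell
#!/bin/sh
# Added example, not from the original post: summarise the output of
# `dnf updateinfo list --security` by severity. Input is read on stdin.

# Constructed sample (advisory IDs and package versions are made up), in the
# layout dnf prints: <advisory-id> <Severity>/Sec. <package>
SAMPLE_LISTING='Last metadata expiration check: 0:12:03 ago.
ELSA-0000-0001 Important/Sec. kernel-4.18.0-1.el8.x86_64
ELSA-0000-0001 Important/Sec. kernel-core-4.18.0-1.el8.x86_64
ELSA-0000-0002 Critical/Sec.  openssl-libs-1.1.1-1.el8.x86_64
ELSA-0000-0003 Moderate/Sec.  curl-7.61.1-1.el8.x86_64
ELSA-0000-0004 Low/Sec.       vim-minimal-8.0-1.el8.x86_64'

# Print one "Severity <advisories> <packages>" line per severity level.
summarise_security() {
    awk '
        $2 ~ /\/Sec\.$/ {
            sev = $2; sub(/\/Sec\.$/, "", sev)
            pkgs[sev]++                      # one listing line per package
            if (!seen[$1]++) advs[sev]++     # count each advisory once
        }
        END {
            n = split("Critical Important Moderate Low", order, " ")
            for (i = 1; i <= n; i++)
                printf "%s %d %d\n", order[i], advs[order[i]], pkgs[order[i]]
        }'
}

# Exit 0 if an advisory at or above severity $1 is listed, 1 if none,
# 2 if $1 is not a known severity.
has_pending_at_least() {
    awk -v min="$1" '
        BEGIN {
            rank["Low"] = 1; rank["Moderate"] = 2
            rank["Important"] = 3; rank["Critical"] = 4
            if (!(min in rank)) { bad = 1; exit }
        }
        $2 ~ /\/Sec\.$/ {
            sev = $2; sub(/\/Sec\.$/, "", sev)
            if ((sev in rank) && rank[sev] >= rank[min]) found = 1
        }
        END { if (bad) exit 2; exit(found ? 0 : 1) }'
}

# Demo on the constructed sample. On a real host:
#   dnf -q updateinfo list --security | summarise_security
printf '%s\n' "$SAMPLE_LISTING" | summarise_security
printf '%s\n' "$SAMPLE_LISTING" | has_pending_at_least Important \
    && echo "Important or Critical advisories pending"
```

The exit status of `has_pending_at_least` makes it usable from cron or a monitoring agent to alert when Critical or Important errata remain unapplied.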
To install security updates
1. To include security-relevant packages in updates:
# dnf upgrade --security
2. To include packages needed to fix the given advisory or advisories in updates:
# dnf upgrade --advisory ELSA-xxxx-xxxx
or
# dnf upgrade --advisories ELSA-xxxx-xxxx,ELSA-yyyy-yyyy
3. To include packages needed to fix the given CVE(s) in updates:
# dnf upgrade --cve CVE-xxxx-xxxx,CVE-yyyy-yyyy
For more details, refer to the man page for dnf.
# man dnf