Patch release frequency

Hi All,

Can anyone let me know what the frequency of patch releases is for CentOS 9? And how can I check when the system was last updated with the latest patches?

Thanks in Advance.

No idea about the patch frequency.

You can check when you last updated the system using the sudo dnf history command.
You can see what was updated last with sudo dnf history info last.

My practice is to update my Fedora systems once a week.

What is your update schedule?

Hey,

Thanks for replying. I will check that.

Actually, the system is with the client and I’m unaware of their update schedule. Also, does removing libxml and pkexec have any impact on the OS? If yes, what will be the impact?

You would have to look into the actual system and run dnf commands to see what depends on those two packages. Also, you would need to see if there are any ad-hoc applications not installed with dnf that are using those libraries, which is a little bit more tricky.

I’m afraid that if you don’t have access to your client’s servers, you won’t be able to answer those questions.

I have access to the client’s system, but my user can’t execute sudo commands and has minimal to zero internet connectivity.

Can you please share the exact commands? I’ll try to execute.

Why would you want to remove them?

Both may be needed by OS tools you are using and in some configurations are vital.

rpm -q --whatrequires libxml and rpm -q --whatrequires polkit will print packages which depend on those and running those commands doesn’t require root privileges.
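The unprivileged checks discussed in this thread, written out as an added example that is not part of any post above. It shows one thing the one-line query does not: `--whatrequires` matches a single capability, so library users that depend on a soname are only found by checking every capability the package provides. The function names are hypothetical; pass the installed package names as arguments (use `owner_of` to find the package behind a binary such as pkexec).

```sh
#!/bin/sh
# Added example: read-only rpm queries, no sudo or network access needed.
# Function names are hypothetical; the rpm options used are standard.

# Newest entry in the RPM database, i.e. the last package installed or updated.
last_change() {
    rpm -qa --last | head -n 1
}

# Name of the installed package that owns a file, e.g. /usr/bin/pkexec.
owner_of() {
    rpm -qf --qf '%{NAME}\n' "$1"
}

# Installed packages that require ANY capability provided by package $1.
# Asking only for the package name misses soname dependencies such as
# "libxml2.so.2()(64bit)", so every provided capability is queried.
reverse_deps() (
    pkg=$1
    # Strip the " = version" part so only capability names remain.
    rpm -q --provides "$pkg" | sed 's/ [<>=].*$//' | sort -u |
    while IFS= read -r cap; do
        # rpm prints "no package requires ..." and exits non-zero when
        # nothing depends on a capability; drop that line and carry on.
        rpm -q --whatrequires --qf '%{NAME}\n' "$cap" 2>/dev/null |
            grep -v '^no package requires' || true
    done | grep -vxF "$pkg" | sort -u
)

# Only act when package names are given on the command line.
if [ "$#" -gt 0 ]; then
    echo "Last package change: $(last_change)"
    for p in "$@"; do
        echo "== installed packages depending on $p"
        reverse_deps "$p"
    done
fi
```

An empty list from `reverse_deps` covers RPM-managed software only; applications installed outside the package manager still have to be checked by hand.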

Actually, the system has High severity vulnerabilities related to these 2. I’m looking for a solution: whether we can update them both or, if removed, what the impact might be.

I’m also looking for the latest versions of both, if available, and whether they are applicable for CentOS 8 and 9.

  1. Are they exploitable with your use case?
  2. Check with CentOS if they have patched the vuln.

I can’t check for the exploitability part. As far as the patch is concerned, I saw online that the current version installed is the latest version applicable.

Is there any authentic website where I can get the information about the latest stable versions of these things with respect to the OS variants and versions?

One way is to pay Red Hat for support.
Not sure where you can ask CentOS.

CentOS Stream is the ‘upstream’ of a RHEL release in all things except for security updates. In those cases, security updates will generally come to RHEL releases first and then show up in CentOS Stream at a later date. There is no equivalent to a Service Level Agreement (SLA) or even a Service Level Expectations beyond that.

If you have found yourself in charge of systems with security requirements that require an SLA then you should use an EL operating system with some sort of paid support attached to it where an SLA can be ‘enforced’.

Outside of that, CentOS Stream generally updates Monday through Friday as various applications are updated to match what would appear in the newer major.minor version of Red Hat Enterprise Linux. Currently things are either focused on what will be RHEL-9.5 or RHEL-9.6 (I am not exactly sure). Some items will be improvements/bug-fixes and some things will be major rebases moving things like clang-17 to clang-18 (or newer versions of GNOME libraries etc).

It looks to me that your client will need a permanent maintenance contract, and a security analysis team, where the non-stop bad news of vulnerabilities is analyzed one by one, to see if they are indeed a risk for their system, and then determine whether to just ignore it for not being a risk, patch it if the update is available, or implement mitigation strategies if an update is not available yet.


Composes only happen once a week though, right? So that’s probably what the effective update frequency is, as far as users are concerned.