Applying security patches

Starting February 2021, security patches are provided as a separate bundle distributed on Fix Central periodically, between full releases of the product. Starting with version 1.0.7.6, each full release will contain all the security patches that have been released since the last full release.

Before you begin

Security patches are tied to the version of Red Hat Linux that is installed on Cloud Pak for Data System. Verify which patch can be installed on your system in Security patch release notes. Do not apply the patch if the Red Hat Linux version on your system does not match.

Procedure

  1. Download the security patch release bundle from Fix Central.
  2. Copy the security patch bundle to e1n1 (head node):
    1. Make directory under /localrepo on e1n1: 
      mkdir -p /localrepo/7.8.21.01.SP1_release
    2. Copy the security bundle downloaded in step (1) under the newly created directory.
  3. Save a list of the currently installed rpms in a file using the following command: 
    rpm -qa > current_rpm_list
  4. Run the following upgrade command to apply the security patches: 
    apupgrade --upgrade-directory /localrepo --use-version 7.8.21.01.SP1_release --bundle system --upgrade
    Note: The value for the --use-version parameter is the same as the name of the directory you created in step (2.a).
  5. Collect the updated rpms list using the following command: 
    rpm -qa > new_rpm_list
  6. Compare rpm list obtained in step (3) and step (5) to verify that rpms have been updated: 
    diff current_rpm_list new_rpm_list
    New rpms should be listed. If there is no difference on the lists, your system was already on the latest security patch version.