Starting June 2021, security patches are provided as a separate bundle distributed on Fix
Central periodically, between full releases of the product. Starting with version 1.0.25.0, each
full release contains all the security patches that have been released since the last full
release.
Security patches are tied to the version of Red Hat Linux that is installed on IAS. Verify which
patch can be installed on your system by reviewing
Security patch release notes (RHEL 7.9).
Important: Do not apply the patch if the Red Hat Linux version on your system does not
match.
Applying a security patch requires approximately 1 hour and 30 minutes of system downtime.
Procedure
-
Download the security patch release bundle from Fix Central.
- Copy the security patch bundle to
node0101 (master node):
- Create a directory under /localrepo on
node0101: mkdir -p /localrepo/w.x.y.z_release
Example:
mkdir -p /localrepo/7.9.21.08.SP3_release
Note
that the directory name cannot start with release or iias prefix.
Use release number.
- Copy the security bundle that was downloaded in step (1) to the newly created
directory.
- Save the list of the currently installed RPMs in a file:
rpm -qa > current_rpm_list
- Run the following upgrade command to apply the security
patches:
apupgrade --upgrade-directory /localrepo --use-version release_version --upgrade
Example:
apupgrade --upgrade-directory /localrepo --use-version 7.9.21.08.SP3_release --upgrade
Note: The
value for the --use-version parameter is the same as the name of the directory
that you created in step (2.a).
Note: Run apupgrade only as the root
user.
- Collect the updated RPMs list by running the following command:
- Compare the RPM list that you obtained in step (3) and step (5) to verify whether RPMs
have been updated:
diff current_rpm_list new_rpm_list
New RPMs are
listed. If there is no difference on the lists, your system was already on the latest security patch
version.