I’m experiencing a problem during routine security update upgrades. On devices running Rocky Linux 9.5, I want “dnf updateinfo list installed” to give me a list of security updates, and I want to pass the security updates on this list. I get the list and pass it, but when I run the “dnf updateinfo list installed” command again, I get the same output. I can’t figure out why. Here are the steps I followed:
1- dnf updateinfo list installed |grep Sec or dnf updateinfo list all |grep Sec
2- dnf update “packages in list”
3- reboot
4- dnf updateinfo list installed |grep Sec or dnf updateinfo list all |grep Sec
I expect the results to be different from the first step after performing these steps.
In Linux 8, I was able to pull and list updates with “dnf updateinfo list security” and run them with “dnf update --security.” However, I couldn’t do this in Linux 9.5. My goal is to list existing updates on the system, install them on the device, and then see the pending security updates section empty.
Rocky 9 (Code Name “Blue Onyx”) has general support until 31 May 2027 and security support through 31 May 2032. The supported architectures are x86_64-v2, aarch64, ppc64le, and s390x.
Yes, the major version (9) will have support, not all minor versions.
Minor releases add features during the general support phase.
Some security/bug fixes may be released for the current minor version until the next minor version is released.
The security support phase will offer only critical security/bug fixes (for the last minor version).
Do you know the difference between the “dnf updateinfo list all” command and the “dnf updateinfo list security” command?
dnf updateinfo list security
Last metadata expiration check: 1:02:16 ago on Tue 14 Oct 2025 12:50:18 PM +03.
dnf updateinfo list all
i RLSA-2023:0340 Moderate/Sec. bash-5.1.8-6.el9_1.x86_64
i RLSA-2023:4099 Important/Sec. bind-libs-2:9.16.23-11.el9_2.1.x86_64
i RLSA-2024:2551 Important/Sec. bind-libs-2:9.16.23-18.el9_4.1.x86_64
i RLSA-2024:5231 Important/Sec. bind-libs-2:9.16.23-18.el9_4.6.x86_64
I get two different outputs.
When I get to the case, since I performed a dnf up and all versions were updated on the client, I can’t check with the --security feature. It seems I can check again in a month or when a security update is released.
I’m running these as evidence. Our updates are being audited, and we need to provide evidence of why they were made and what was done. With dnf updateinfo list security
RLSA-2023:0340 Moderate/Sec. bash-5.1.8-6.el9_1.x86_64
RLSA-2023:4099 Important/Sec. bind-libs-2:9.16.23-11.el9_2.1.x86_64
RLSA-2024:2551 Important/Sec. bind-libs-2:9.16.23-18.el9_4.1.x86_64
RLSA-2024:5231 Important/Sec. bind-libs-2:9.16.23-18.el9_4.6.x86_64
I’m printing out the vulnerability and saying I’ll be pushing these updates to the device. Dnf up updates everything very well, but only until there’s a version that shouldn’t be updated.
A version of a package that is released but should not have been released ought to be a rare (preferably never) exception.
As a general rule, all updates to a major version of Enterprise Linux should alleviate issues, not create them. Be conservative. However, then one should know and document what to exclude and why (and let the rest update).
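Added example, not part of the thread or written by any of its posters: one way to turn two saved snapshots of `dnf updateinfo list all` (taken before and after patching) into audit evidence, listing which security advisories the run resolved and which are still pending, for instance because of a documented exclusion. It assumes a leading "i" marks an advisory that is already installed; the function names, file names, `RLSA-0000:*` ids and `example-*` packages are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare saved `dnf updateinfo list all` snapshots.
# Assumption: a leading "i" marks an advisory whose fix is already installed;
# lines without it are advisories that are still pending.

# pending_security FILE: print "<advisory> <package>" for security
# advisories that are not yet installed.
pending_security() {
  awk '$1 != "i" && $2 ~ /\/Sec\.$/ { print $1, $3 }' "$1"
}

# resolved_between BEFORE AFTER: print advisories that were pending in
# BEFORE and are marked installed in AFTER.
resolved_between() {
  awk '
    FNR == NR { if ($1 != "i" && $2 ~ /\/Sec\.$/) was[$1 " " $3] = 1; next }
    $1 == "i" && $3 ~ /\/Sec\.$/ && (($2 " " $4) in was) { print $2, $4 }
  ' "$1" "$2"
}

# Constructed sample snapshots. On a real host these files would be saved
# output of `dnf updateinfo list all` before and after the patch run.
snap_dir=$(mktemp -d)
cat > "$snap_dir/before.txt" <<'EOF'
Last metadata expiration check: 0:05:00 ago (constructed)
i RLSA-2023:0340 Moderate/Sec.  bash-5.1.8-6.el9_1.x86_64
  RLSA-0000:0001 Important/Sec. example-lib-1.0-2.el9.x86_64
  RLSA-0000:0002 Moderate/Sec.  example-tool-2.0-3.el9.x86_64
EOF
cat > "$snap_dir/after.txt" <<'EOF'
Last metadata expiration check: 0:01:00 ago (constructed)
i RLSA-2023:0340 Moderate/Sec.  bash-5.1.8-6.el9_1.x86_64
i RLSA-0000:0001 Important/Sec. example-lib-1.0-2.el9.x86_64
  RLSA-0000:0002 Moderate/Sec.  example-tool-2.0-3.el9.x86_64
EOF

echo "Resolved by this patch run:"
resolved_between "$snap_dir/before.txt" "$snap_dir/after.txt"
echo "Still pending (document why, e.g. an exclusion):"
pending_security "$snap_dir/after.txt"
```

Advisories that were already marked "i" before the run, such as the bash entry, stay in the installed list afterwards, so only the pending list is expected to shrink.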