Pour ceux qui se demandent comment lister les mises à jour de sécurité sur un système RedHat, il suffit d'installer le plugin yum-security si celui-ci n'est pas déjà installé.

Installation du plugin :

yum install -y yum-security

Pour lister les mises à jour de sécurité disponibles :

yum list-security
ELSA-2013-0245 Critical/Sec.  java-1.6.0-openjdk-1:1.6.0.0-1.54.1.11.6.el6_3.x86_64
ELSA-2013-0273 Critical/Sec.  java-1.6.0-openjdk-1:1.6.0.0-1.56.1.11.8.el6_3.x86_64
ELSA-2013-0605 Critical/Sec.  java-1.6.0-openjdk-1:1.6.0.0-1.57.1.11.9.el6_4.x86_64
ELSA-2013-0770 Important/Sec. java-1.6.0-openjdk-1:1.6.0.0-1.61.1.11.11.el6_4.x86_64
ELSA-2013-1014 Important/Sec. java-1.6.0-openjdk-1:1.6.0.0-1.62.1.11.11.90.el6_4.x86_64
ELBA-2013-1414 bugfix         java-1.6.0-openjdk-1:1.6.0.0-1.65.1.11.13.el6_4.x86_64
ELSA-2013-1505 Important/Sec. java-1.6.0-openjdk-1:1.6.0.0-1.65.1.11.14.el6_4.x86_64
ELBA-2013-1741 bugfix         java-1.6.0-openjdk-1:1.6.0.0-1.66.1.13.0.el6.x86_64
ELSA-2014-0097 Important/Sec. java-1.6.0-openjdk-1:1.6.0.0-3.1.13.1.el6_5.x86_64
ELSA-2013-0247 Important/Sec. java-1.7.0-openjdk-1:1.7.0.9-2.3.5.3.0.1.el6_3.x86_64
ELSA-2013-0275 Important/Sec. java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.0.2.el6_3.x86_64
ELSA-2013-0602 Critical/Sec.  java-1.7.0-openjdk-1:1.7.0.9-2.3.8.0.0.1.el6_4.x86_64
ELSA-2013-0751 Critical/Sec.  java-1.7.0-openjdk-1:1.7.0.19-2.3.9.1.0.1.el6_4.x86_64
ELSA-2013-0957 Critical/Sec.  java-1.7.0-openjdk-1:1.7.0.25-2.3.10.3.0.1.el6_4.x86_64
ELBA-2013-1004 bugfix         java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.0.1.el6_4.x86_64
ELSA-2013-1451 Critical/Sec.  java-1.7.0-openjdk-1:1.7.0.45-2.4.3.2.0.1.el6_4.x86_64
ELBA-2013-1611 bugfix         java-1.7.0-openjdk-1:1.7.0.45-2.4.3.3.0.1.el6.x86_64
ELBA-2013-1810 bugfix         java-1.7.0-openjdk-1:1.7.0.45-2.4.3.4.0.1.el6_5.x86_64
ELSA-2014-0026 Critical/Sec.  java-1.7.0-openjdk-1:1.7.0.51-2.4.4.1.0.1.el6_5.x86_64

Pour avoir plus d'information sur un "advisory" :

yum info-security ELSA-2013-1806

===============================================================================
   java-1.7.0-openjdk security update
===============================================================================
  Update ID : ELSA-2013-0602
    Release : Oracle Linux 6
       Type : security
     Status : final
     Issued : 2013-03-06
       CVEs : CVE-2013-0809
        : CVE-2013-1493
Description : [1.7.0.9-2.3.8.0.0.1.el6_4]
            : - Update DISTRO_NAME in specfile
            :
            : [1.7.0.9-2.3.8.0el6]
            : - Revert to rhel 6.3 version of spec file
            : - Revert to icedtea7 2.3.8 forest
            : - Resolves: rhbz#917183
            :
            : [1.7.0.11-2.4.0.pre5.el6]
            : - Update to latest snapshot of icedtea7 2.4 forest
            : - Resolves: rhbz#917183
            :
            : [1.7.0.9-2.4.0.pre4.3.el6]
            : - Updated  to icedtea 2.4.0.pre4,
            : - Rewritten (again) patch3
            :   java-1.7.0-openjdk-java-access-bridge-security.patch
            : - Resolves: rhbz#911530
            :
            : [1.7.0.9-2.4.0.pre3.3.el6]
            : - Updated  to icedtea 2.4.0.pre3, updated!
            : - Rewritten patch3
            :   java-1.7.0-openjdk-java-access-bridge-security.patch
            : - Resolves: rhbz#911530
            :
            : [1.7.0.9-2.4.0.pre2.3.el6]
            : - Removed testing
            :  - mauve was outdated and
            :  - jtreg was icedtea relict
            : - Updated  to icedtea 2.4.0.pre2, updated?
            : - Added java -Xshare:dump to post (see 513605) fo
            :   jitarchs
            : - Resolves: rhbz#911530
            :
            : [1.7.0.11-2.4.0.2.el6]
            : - Unapplied but kept (for 2.3revert) patch110,
            :   java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch
            : - Added and applied patch113:
            :   java-1.7.0-openjdk-aes-update_reset.patch
            : - Added and applied patch114:
            :   java-1.7.0-openjdk-nss-tck.patch
            : - Added and applied patch115:
            :   java-1.7.0-openjdk-nss-split_results.patch
            : - NSS enabled by default - enable_nss set to 1
            : - rewritten patch109 -
            :   java-1.7.0-openjdk-nss-config-1.patch
            : - rewritten patch111 -
            :   java-1.7.0-openjdk-nss-config-2.patch
            : - Resolves: rhbz#831734
            :
            : [1.7.0.11-2.4.0.1.el6]
            : - Rewritten patch105:
            :   java-1.7.0-openjdk-disable-system-lcms.patch
            : - Added jxmd and idlj to alternatives
            : - make executed with   DISABLE_INTREE_EC=true and
            :   UNLIMITED_CRYPTO=true
            : - Unapplied patch302 and deleted systemtap.patch
            : - buildver increased to 11
            : - icedtea_version set to 2.4.0
            : - Added and applied patch112
            :   java-1.7.openjdk-doNotUseDisabledEcc.patch
            : - removed tmp-patches source tarball
            : - Added /lib/security/US_export_policy.jar and
            :   lib/security/local_policy.jar
            : - Disabled nss - enable_nss set to 0
            : - Resolves: rhbz#895034
   Severity : Critical
updateinfo info done

Pour vérifier quels packages peuvent être mis à jour :

yum --security check-update
Loaded plugins: rhnplugin, security
This system is receiving updates from ULN.
Limiting package lists to security relevant ones
No packages needed for security; 294 packages available

Enfin pour appliquer un patch précis :

yum --advisory=ELSA-2013-1806 update

Et voilà ;o)