Use yum to Only Install Security Relevant Fixes

If you use yum to manage your server's packages and you're trying to keep things stable then only installing security relevant fixes makes a lot of sense. The yum-plugin-security package adds a plugin that makes keeping track of these things a snap:

yum -y install yum-plugin-security

Then you can list the errata that are available for your system:

yum updateinfo list
Loaded plugins: fastestmirror, presto, refresh-packagekit, security
updates/updateinfo                                                                                                                                           | 1.2 MB  00:00:02
FEDORA-2013-9851  bugfix      ModemManager-0.6.2.0-1.fc18.x86_64
FEDORA-2013-10428 bugfix      NetworkManager-glib-1:0.9.8.2-1.fc18.x86_64
FEDORA-2013-8722  bugfix      PackageKit-0.8.9-1.fc18.x86_64
FEDORA-2013-8722  bugfix      PackageKit-device-rebind-0.8.9-1.fc18.x86_64
FEDORA-2013-8722  bugfix      PackageKit-glib-0.8.9-1.fc18.x86_64
FEDORA-2013-8722  bugfix      PackageKit-yum-0.8.9-1.fc18.x86_64
FEDORA-2013-8722  bugfix      PackageKit-yum-plugin-0.8.9-1.fc18.x86_64
FEDORA-2013-7532  bugfix      Thunar-1.6.3-1.fc18.x86_64
FEDORA-2013-16676 bugfix      abrt-2.1.7-1.fc18.x86_64
FEDORA-2013-20279 bugfix      abrt-2.1.9-1.fc18.x86_64
...

The type of errata can be listed:

yum updateinfo list security # could also be bzs, cves, etc

To update to the latest version of packages that a fix security issue use the following:

yum --security update-minimal

If you use the following:

yum --security update

You'll get the latest version of each package that has a security fix, even if that latest version doesn't fix a security issue.