If the goal is to live patch a system for security vulnerabilities, we need more than kpatch, as it only handles kernel patches. We also need to consider other packages that might need to be updated on the system for security issues.

One frequent mistake system administrators make is updating a system but not restarting the processes that have had their libraries updated, which can leave those processes vulnerable.

Let’s look at an example where we run yum update and it reports that several MariaDB-related packages need to be updated: mariadb, mariadb-libs, mariadb-server. When we upgrade these packages, an RPM script in the mariadb-server RPM runs systemctl try-restart mariadb.service, which restarts mariadb.service if it is running. However, other applications that depend on libraries provided in mariadb-libs are not automatically restarted, and will continue to use the old version of the libraries until they are restarted.

In our example, we also have Postfix installed and running on the server, and one of Postfix’s dependencies is the mariadb-libs package. This may be a major concern if the upgraded libraries fix a security vulnerability or critical bug, because it is very easy to think you have patched the servers and resolved the issue, when in fact you might still have running processes using the old version of the libraries.
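
One way to find processes that are still using a replaced library, shown here as an added example that is not from the original article: when a package upgrade replaces a library file on Linux, any process that still has the old copy mapped lists it in /proc/<pid>/maps with a " (deleted)" suffix. The sample maps content is constructed, and the function names are this example's own.

```python
import os
import re

# Constructed sample of /proc/<pid>/maps content for a Postfix process after
# mariadb-libs was upgraded (addresses, inodes and paths are illustrative).
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a2f1000 r-xp 00000000 fd:00 1311 /usr/lib64/mysql/libmysqlclient.so.18.0.0 (deleted)
7f1c2a2f1000-7f1c2a4f0000 ---p 002f1000 fd:00 1311 /usr/lib64/mysql/libmysqlclient.so.18.0.0 (deleted)
7f1c2b000000-7f1c2b1c4000 r-xp 00000000 fd:00 2207 /usr/lib64/libc-2.17.so
7f1c2c000000-7f1c2c001000 rw-s 00000000 00:05 9001 /dev/shm/scratch (deleted)
7ffd1e5d2000-7ffd1e5f3000 rw-p 00000000 00:00 0 [stack]
"""

_DELETED = " (deleted)"
_SHARED_OBJECT = re.compile(r"\.so(\.|$)")  # libfoo.so or libfoo.so.1.2

def stale_libraries(maps_text):
    """Return sorted paths of mapped shared libraries whose file was replaced on disk."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode pathname
        if len(fields) < 6 or not fields[5].endswith(_DELETED):
            continue  # anonymous mapping, or the backing file still exists
        path = fields[5][: -len(_DELETED)]
        if _SHARED_OBJECT.search(path):  # ignore deleted temp/shm files
            stale.add(path)
    return sorted(stale)

def scan_processes(proc_root="/proc"):
    """Map pid -> (process name, stale libraries) for every readable process."""
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                libs = stale_libraries(fh.read())
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
        except OSError:  # process exited, or we lack permission (run as root)
            continue
        if libs:
            findings[int(entry)] = (name, libs)
    return findings

if __name__ == "__main__":
    for pid, (name, libs) in sorted(scan_processes().items()):
        print(f"{pid} {name}: {', '.join(libs)}")
```

Run it as root after an update so that every process's maps file is readable; each process it lists needs a restart before the patched library is actually in use.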