How to patch Red Hat Enterprise Linux

Q: How do I check which version of Red Hat Enterprise Linux I am running?

Use: cat /etc/redhat-release —or— hostnamectl (Terminal). Record the result before and after patching to confirm the update applied.

Red Hat · Operating System · 6 steps · Red Hat Enterprise Linux security status → · updated June 2026

RHEL patches are delivered as Red Hat Security Advisories (RHSA) through dnf, provided the system is registered to a subscription. You can apply security-only errata, and use Leapp for major-version upgrades.

actively exploited (KEV)

tracked CVEs

10.2

latest supported

Keep Red Hat Enterprise Linux current to stay ahead of new vulnerabilities.

Check your current version first

Before you patch, record what you're running (Terminal):

cat /etc/redhat-release   —or—   hostnamectl

Or paste your version into the checker for an instant verdict.

Step by step

Confirm registration

Run subscription-manager status to be sure the host is registered — without a subscription it cannot pull updates.

Check your version

Run cat /etc/redhat-release to record the current minor version.

Apply security errata

Apply security fixes with sudo dnf upgrade --security (or dnf update for everything). List pending security errata with dnf updateinfo list security.

Reboot or live-patch

Use dnf needs-restarting to see what requires a restart. Reboot if the kernel/glibc updated, or use kpatch (live kernel patching) for critical kernel CVEs without downtime.

Major-version upgrades via Leapp

Minor updates come through dnf; for a major upgrade (e.g. 8 → 9) use the Leapp utility (leapp preupgrade then leapp upgrade).

Verify

Confirm the result with cat /etc/redhat-release and re-check dnf updateinfo for any remaining security errata.

Watch out for:

No active subscription = no updates; register first.
Test major (Leapp) upgrades on a clone — they can need application changes.

Official sources

Advisory: Red Hat Security Advisories (RHSA) ↗
Download: Red Hat Customer Portal ↗

Don't patch blind. Keep Red Hat Enterprise Linux current to stay ahead of new vulnerabilities. See exactly which versions are safe and what you're exposed to.

Red Hat Enterprise Linux security status →

Stay ahead of the next one

Red Hat Enterprise Linux security status & health score — score, open CVEs and safe version.
Red Hat Enterprise Linux end-of-life dates — don't run a release that's stopped getting fixes.
Monitor Red Hat Enterprise Linux — get an email alert the moment a new exploited vulnerability lands.

Frequently asked questions

What is the latest version of Red Hat Enterprise Linux?

As of June 2026, the latest supported Red Hat Enterprise Linux release we track is 10.2. Patch to the current release on your branch and confirm the version after updating.

How do I check which version of Red Hat Enterprise Linux I am running?

Use: cat /etc/redhat-release —or— hostnamectl (Terminal). Record the result before and after patching to confirm the update applied.

Is Red Hat Enterprise Linux being actively exploited right now?

None of the Red Hat Enterprise Linux vulnerabilities we track are currently on the CISA KEV list, but that can change — keep it patched. See the exploitation radar.

How do I patch Red Hat Enterprise Linux safely without breaking production?

Always test in a non-production environment first, take a backup or snapshot, follow the official vendor advisory, and have a tested rollback. Patch one node at a time for clustered or high-availability setups.

Patch steps are general, well-established guidance for Red Hat Enterprise Linux — always test in a non-production environment first and follow the official Red Hat advisory for your exact version. IsItPatched is independent and not affiliated with Red Hat; this is not a substitute for vendor documentation. See our disclaimer.

← All patching guides · Security guides →