yum list installed kernel
will return a list of packages and their current version:
Installed Packages
[...]
kernel.x86_64 3.10.0-693.5.2.el7 updates
yum update kernel
gives you a list of packages being updated, and their new versions:
=============================================================
Package Arch Version Repository Size
=============================================================
Installing:
kernel x86_64 3.10.0-957.21.3.el7 updates 48 M
Is there a combination using yum I can run to list the current differences in versions for packages being updated similar to this?
Package Old version Update version
kernel.x86_64 3.10.0-693.5.2.el7 3.10.0-957.21.3.el7
the 'Resolving Dependencies' output does this, but the readability is not great, and difficult to separate from the rest of the text. Plus if you specify a single package, it only lists the existing version for the dependencies:
yum update kernel
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:3.10.0-957.21.3.el7 will be installed
--> Processing Dependency: linux-firmware >= 20180911-68 for package: kernel-3.10.0-957.21.3.el7.x86_64
--> Running transaction check
---> Package linux-firmware.noarch 0:20170606-56.gitc990aae.el7 will be updated
---> Package linux-firmware.noarch 0:20180911-69.git85c5d90.el7 will be an update
[...]
yum doesn't have exactly that output. history shows all transactions and can undo them, list installed shows current version, and update shows the new packages to be installed after dependency resolution.
Write a yum plugin that prints the output you want if you like. However, a person at the prompt is tedious and doesn't scale.
Consider instead enabling automatic updates on a schedule. Verification then becomes reviewing the updates in the repo, and verifying host compliance that they are updating. Perhaps spot check a few hosts after an interesting security update is released.
If you care about the previous versions of many hosts over time, a central database for update management is more powerful anyway.