Bug 1186717
| Summary: | update for CVE-2015-0235 missed by yum --security | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Dave Love <dave.love> |
| Component: | yum | Assignee: | Valentina Mukhamedzhanova <vmukhame> |
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.6 | CC: | ashankar, dave.love, james.antill, lopaka, pfrankli, spoyarek, vmukhame |
| Target Milestone: | rc | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-02-13 11:02:42 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Not a glibc issue. Moving to yum. I can't reproduce this issue, 'yum --security check-update glibc\*' gives me the expected output. Are you still facing this problem? It could be helpful to try to disable all plugins except product-id, security and subscription-manager, clear the cache and try again. I can no longer reproduce this, but I have no idea what might have changed. Could you tell me what metadata yum-plugin-security uses so I can try to figure it out without having to read the source? (It gives me false positives with check-update too, which are still present.) yum-plugin-security uses the updateinfo metadata (something like /var/cache/yum/x86_64/6Server/rhel-6-server-rpms/6189da8c10e23e0a4b0ce14e30131e484ff83070d3a7db43152bf27da436a87e-updateinfo.xml.gz) Since the issue cannot be reproduced, I am closing this. Please feel free to reopen if you have a reliable reproducer. |
Description of problem: Security updates relying on yum --security (e.g. via yum-cron) don't pick up the GHOST fix. I don't know how yum-security works, so I don't know whether the bug is actually in the repo, glibc package, or elsewhere. Version-Release number of selected component (if applicable): 2.12-1.149.el6_6.5 How reproducible: Steps to Reproduce: # yum --security check-update glibc\* Actual results: # yum --security check-update glibc\* Loaded plugins: auto-update-debuginfo, changelog, downloadonly, etckeeper, : fastestmirror, filter-data, merge-conf, post-transaction- : actions, priorities, product-id, protectbase, refresh- : packagekit, security, subscription-manager, verify, versionlock Loading mirror speeds from cached hostfile * epel: mirror.bytemark.co.uk * epel-debuginfo: mirror.bytemark.co.uk Skipping filters plugin, no data 0 packages excluded due to repository protections Limiting package lists to security relevant ones No packages needed for security; 45 packages available Expected results: # yum check-update glibc\* Loaded plugins: auto-update-debuginfo, changelog, downloadonly, etckeeper, : fastestmirror, filter-data, merge-conf, post-transaction- : actions, priorities, product-id, protectbase, refresh- : packagekit, security, subscription-manager, verify, versionlock Loading mirror speeds from cached hostfile * epel: mirror.bytemark.co.uk * epel-debuginfo: mirror.bytemark.co.uk Skipping filters plugin, no data 0 packages excluded due to repository protections glibc.i686 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc.x86_64 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc-common.x86_64 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc-devel.i686 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc-devel.x86_64 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc-headers.x86_64 2.12-1.149.el6_6.5 rhel-6-server-rpms Additional info: