Bug 1295525

Summary: [RFE] yum updateinfo list security updates does not match what yum update --security will do
Product: Red Hat Enterprise Linux 6 Reporter: Sten Turpin <sten>
Component: yumAssignee: Valentina Mukhamedzhanova <vmukhame>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.7CC: cww, james.antill, jgoulding, ksrot, mruzicka, sten, vmukhame
Target Milestone: rcKeywords: FutureFeature
Target Release: ---Flags: bhoefer: needinfo? (vmukhame)
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-01 19:24:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1277547    
Attachments:
Description Flags
Quick and dirty fix none

Description Sten Turpin 2016-01-04 18:37:47 UTC 
Description of problem: yum updateinfo list security updates does not match what yum update --security will do


Version-Release number of selected component (if applicable):
yum-3.2.29-69.el6

How reproducible:
Consistently, in our environment

Steps to Reproduce:
1. run "yum updateinfo list security updates" to view pending security updates
2. apply the updates with "yum update --security" 

Actual results:
mod_ssl, httpd, httpd-tools (in this case) are not upgraded to the versions listed by yum updateinfo list security updates


Expected results:
The updates applied should match what was listed as available

Additional info:

[sturpin ~]$ sudo yum updateinfo list security updates
[sudo] password for sturpin:
Loaded plugins: post-transaction-actions, security
RHSA-2015:2655              Important/Sec. bind-libs-32:9.8.2-0.37.rc1.el6_7.5.x86_64
RHSA-2015:2655              Important/Sec. bind-utils-32:9.8.2-0.37.rc1.el6_7.5.x86_64
RHSA-2011:0897              Moderate/Sec.  httpd-2.2.17-11.2.ep5.el6.x86_64
RHSA-2011:1329              Important/Sec. httpd-2.2.17-13.2.ep5.el6.x86_64
RHSA-2012:0542              Moderate/Sec.  httpd-2.2.17-15.4.ep5.el6.x86_64
RHSA-2012:1592              Important/Sec. httpd-2.2.22-14.ep6.el6.x86_64
RHSA-2013:0834              Important/Sec. httpd-2.2.22-18.ep6.el6.x86_64
RHSA-2013:1012              Moderate/Sec.  httpd-2.2.22-23.ep6.el6.x86_64
RHSA-2013:1208              Moderate/Sec.  httpd-2.2.22-25.ep6.el6.x86_64
RHSA-2013:1133              Moderate/Sec.  httpd-2.2.22-25.ep6.el6.x86_64
RHSA-2014:0783              Moderate/Sec.  httpd-2.2.22-27.ep6.el6.x86_64
RHSA-2014:0826              Moderate/Sec.  httpd-2.2.22-27.ep6.el6.x86_64
RHSA-2014:1020              Important/Sec. httpd-2.2.26-35.ep6.el6.x86_64
RHSA-2014:1087              Important/Sec. httpd-2.2.26-35.ep6.el6.x86_64
RHSA-2015:0847              Important/Sec. httpd-2.2.26-38.ep6.el6.x86_64
RHSA-2011:0897              Moderate/Sec.  httpd-tools-2.2.17-11.2.ep5.el6.x86_64
RHSA-2011:1329              Important/Sec. httpd-tools-2.2.17-13.2.ep5.el6.x86_64
RHSA-2012:0542              Moderate/Sec.  httpd-tools-2.2.17-15.4.ep5.el6.x86_64
RHSA-2012:1592              Important/Sec. httpd-tools-2.2.22-14.ep6.el6.x86_64
RHSA-2013:0834              Important/Sec. httpd-tools-2.2.22-18.ep6.el6.x86_64
RHSA-2013:1012              Moderate/Sec.  httpd-tools-2.2.22-23.ep6.el6.x86_64
RHSA-2013:1208              Moderate/Sec.  httpd-tools-2.2.22-25.ep6.el6.x86_64
RHSA-2013:1133              Moderate/Sec.  httpd-tools-2.2.22-25.ep6.el6.x86_64
RHSA-2014:0783              Moderate/Sec.  httpd-tools-2.2.22-27.ep6.el6.x86_64
RHSA-2014:0826              Moderate/Sec.  httpd-tools-2.2.22-27.ep6.el6.x86_64
RHSA-2014:1020              Important/Sec. httpd-tools-2.2.26-35.ep6.el6.x86_64
RHSA-2014:1087              Important/Sec. httpd-tools-2.2.26-35.ep6.el6.x86_64
RHSA-2015:0847              Important/Sec. httpd-tools-2.2.26-38.ep6.el6.x86_64
RHSA-2011:0897              Moderate/Sec.  mod_ssl-1:2.2.17-11.2.ep5.el6.x86_64
RHSA-2011:1329              Important/Sec. mod_ssl-1:2.2.17-13.2.ep5.el6.x86_64
RHSA-2012:0542              Moderate/Sec.  mod_ssl-1:2.2.17-15.4.ep5.el6.x86_64
RHSA-2012:1592              Important/Sec. mod_ssl-1:2.2.22-14.ep6.el6.x86_64
RHSA-2013:0834              Important/Sec. mod_ssl-1:2.2.22-18.ep6.el6.x86_64
RHSA-2013:1012              Moderate/Sec.  mod_ssl-1:2.2.22-23.ep6.el6.x86_64
RHSA-2013:1208              Moderate/Sec.  mod_ssl-1:2.2.22-25.ep6.el6.x86_64
RHSA-2013:1133              Moderate/Sec.  mod_ssl-1:2.2.22-25.ep6.el6.x86_64
RHSA-2014:0783              Moderate/Sec.  mod_ssl-1:2.2.22-27.ep6.el6.x86_64
RHSA-2014:0826              Moderate/Sec.  mod_ssl-1:2.2.22-27.ep6.el6.x86_64
RHSA-2014:1020              Important/Sec. mod_ssl-1:2.2.26-35.ep6.el6.x86_64
RHSA-2014:1087              Important/Sec. mod_ssl-1:2.2.26-35.ep6.el6.x86_64
RHSA-2015:0847              Important/Sec. mod_ssl-1:2.2.26-38.ep6.el6.x86_64
FEDORA-EPEL-2015-e29b297036 security       phpMyAdmin-4.0.10.12-1.el6.noarch
updateinfo list done
[sturpin ~]$ sudo yum update --security
Loaded plugins: post-transaction-actions, security
Setting up Update Process
Resolving Dependencies
Limiting packages to security relevant ones
6 package(s) needed (+0 related) for security, out of 118 available
--> Running transaction check
---> Package bind-libs.x86_64 32:9.8.2-0.37.rc1.el6_7.4 will be updated
---> Package bind-libs.x86_64 32:9.8.2-0.37.rc1.el6_7.5 will be an update
---> Package bind-utils.x86_64 32:9.8.2-0.37.rc1.el6_7.4 will be updated
---> Package bind-utils.x86_64 32:9.8.2-0.37.rc1.el6_7.5 will be an update
---> Package httpd.x86_64 0:2.2.15-47.el6_7 will be updated
---> Package httpd.x86_64 0:2.2.15-47.el6_7.1 will be an update
---> Package httpd-tools.x86_64 0:2.2.15-47.el6_7 will be updated
---> Package httpd-tools.x86_64 0:2.2.15-47.el6_7.1 will be an update
---> Package mod_ssl.x86_64 1:2.2.15-47.el6_7 will be updated
---> Package mod_ssl.x86_64 1:2.2.15-47.el6_7.1 will be an update
---> Package phpMyAdmin.noarch 0:4.0.10.10-2.el6oso will be updated
---> Package phpMyAdmin.noarch 0:4.0.10.12-1.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================
 Package              Arch            Version                             Repository                              Size
=======================================================================================================================
Updating:
 bind-libs            x86_64          32:9.8.2-0.37.rc1.el6_7.5           oso-rhui-rhel-server-releases          886 k
 bind-utils           x86_64          32:9.8.2-0.37.rc1.el6_7.5           oso-rhui-rhel-server-releases          186 k
 httpd                x86_64          2.2.15-47.el6_7.1                   oso-rhui-rhel-server-releases          830 k
 httpd-tools          x86_64          2.2.15-47.el6_7.1                   oso-rhui-rhel-server-releases           77 k
 mod_ssl              x86_64          1:2.2.15-47.el6_7.1                 oso-rhui-rhel-server-releases           95 k
 phpMyAdmin           noarch          4.0.10.12-1.el6                     epel                                   4.1 M

Transaction Summary
=======================================================================================================================
Upgrade       6 Package(s)

Total size: 6.2 M


If this is an issue with our custom repos, I'd appreciate some direction in fixing the issue, but it looks like a bug in yum to me.
Comment 2 Sten Turpin 2016-01-04 20:30:39 UTC 
Also worth noting: we exclude these packages in several repos, and we're still seeing them: 

oso-rhui-rhel-server-jbeap6.repo:exclude=httpd* mod_ssl
oso-rhui-rhel-server-jbews1.repo:exclude=httpd* mod_ssl
oso-rhui-rhel-server-jbews2.repo:exclude=httpd* mod_ssl
Comment 3 Sten Turpin 2016-01-05 17:44:13 UTC 
I just hit something similar on rhel7. yum updateinfo list security updates showed nothing to apply, but yum update --security -y pulled in a large update: 

$ sudo yum history info 57
Loaded plugins: post-transaction-actions
Transaction ID : 57
Begin time     : Tue Dec 15 12:29:20 2015
Begin rpmdb    : 639:804309ad25ded87e433b7716cbdd43e736d2675d
End time       :            12:30:53 2015 (93 seconds)
End rpmdb      : 645:40b075d32d48f196f43c84256e3b90f42d23b4a2
User           : root <root>
Return-Code    : Success
Command Line   : -y --security update
Transaction performed with:
    Installed     rpm-4.11.1-25.el7.x86_64 @anaconda/7.1
    Installed     yum-3.4.3-125.el7.noarch @anaconda/7.1
Packages Altered:
    Updated     ModemManager-glib-1.1.0-6.git20130913.el7.x86_64                          @oso-rhui-rhel-server-releases
    Update                        1.1.0-8.git20130913.el7.x86_64                          @oso-rhui-rhel-server-releases
    Updated     NetworkManager-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64               @oso-rhui-rhel-server-releases
    Update                     1:1.0.6-27.el7.x86_64                                      @oso-rhui-rhel-server-releases
    Updated     NetworkManager-adsl-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64          @oso-rhui-rhel-server-releases
    Update                          1:1.0.6-27.el7.x86_64                                 @oso-rhui-rhel-server-releases
    Updated     NetworkManager-bluetooth-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64     @oso-rhui-rhel-server-releases
    Update                               1:1.0.6-27.el7.x86_64                            @oso-rhui-rhel-server-releases
    Updated     NetworkManager-config-server-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64 @oso-rhui-rhel-server-releases
    Update                                   1:1.0.6-27.el7.x86_64                        @oso-rhui-rhel-server-releases
    Updated     NetworkManager-glib-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64          @oso-rhui-rhel-server-releases
    Update                          1:1.0.6-27.el7.x86_64                                 @oso-rhui-rhel-server-releases
    Updated     NetworkManager-libnm-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64         @oso-rhui-rhel-server-releases
    Update                           1:1.0.6-27.el7.x86_64                                @oso-rhui-rhel-server-releases
    Updated     NetworkManager-team-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64          @oso-rhui-rhel-server-releases
    Update                          1:1.0.6-27.el7.x86_64                                 @oso-rhui-rhel-server-releases
    Updated     NetworkManager-tui-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64           @oso-rhui-rhel-server-releases
    Update                         1:1.0.6-27.el7.x86_64                                  @oso-rhui-rhel-server-releases
    Updated     NetworkManager-wifi-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64          @oso-rhui-rhel-server-releases
    Update                          1:1.0.6-27.el7.x86_64                                 @oso-rhui-rhel-server-releases
    Updated     NetworkManager-wwan-1:1.0.0-16.git20150121.b4ea599c.el7_1.x86_64          @oso-rhui-rhel-server-releases
    Update                          1:1.0.6-27.el7.x86_64                                 @oso-rhui-rhel-server-releases
    Updated     abrt-2.1.11-22.el7_1.x86_64                                               @oso-rhui-rhel-server-releases
    Update           2.1.11-35.el7.x86_64                                                 @oso-rhui-rhel-server-releases
    Updated     abrt-addon-ccpp-2.1.11-22.el7_1.x86_64                                    @oso-rhui-rhel-server-releases
    Update                      2.1.11-35.el7.x86_64                                      @oso-rhui-rhel-server-releases
    Updated     abrt-addon-kerneloops-2.1.11-22.el7_1.x86_64                              @oso-rhui-rhel-server-releases
    Update                            2.1.11-35.el7.x86_64                                @oso-rhui-rhel-server-releases
    Updated     abrt-addon-pstoreoops-2.1.11-22.el7_1.x86_64                              @oso-rhui-rhel-server-releases
    Update                            2.1.11-35.el7.x86_64                                @oso-rhui-rhel-server-releases
    Updated     abrt-addon-python-2.1.11-22.el7_1.x86_64                                  @oso-rhui-rhel-server-releases
    Update                        2.1.11-35.el7.x86_64                                    @oso-rhui-rhel-server-releases
    Updated     abrt-addon-vmcore-2.1.11-22.el7_1.x86_64                                  @oso-rhui-rhel-server-releases
    Update                        2.1.11-35.el7.x86_64                                    @oso-rhui-rhel-server-releases
    Updated     abrt-addon-xorg-2.1.11-22.el7_1.x86_64                                    @oso-rhui-rhel-server-releases
    Update                      2.1.11-35.el7.x86_64                                      @oso-rhui-rhel-server-releases
    Updated     abrt-cli-2.1.11-22.el7_1.x86_64                                           @oso-rhui-rhel-server-releases
    Update               2.1.11-35.el7.x86_64                                             @oso-rhui-rhel-server-releases
    Dep-Install abrt-dbus-2.1.11-35.el7.x86_64                                            @oso-rhui-rhel-server-releases
    Updated     abrt-libs-2.1.11-22.el7_1.x86_64                                          @oso-rhui-rhel-server-releases
    Update                2.1.11-35.el7.x86_64                                            @oso-rhui-rhel-server-releases
    Updated     abrt-python-2.1.11-22.el7_1.x86_64                                        @oso-rhui-rhel-server-releases
    Update                  2.1.11-35.el7.x86_64                                          @oso-rhui-rhel-server-releases
    Updated     abrt-tui-2.1.11-22.el7_1.x86_64                                           @oso-rhui-rhel-server-releases
    Update               2.1.11-35.el7.x86_64                                             @oso-rhui-rhel-server-releases
    Updated     autofs-1:5.0.7-48.el7.x86_64                                              @oso-rhui-rhel-server-releases
    Update             1:5.0.7-54.el7.x86_64                                              @oso-rhui-rhel-server-releases
    Updated     binutils-2.23.52.0.1-30.el7_1.2.x86_64                                    @rhui-REGION-rhel-server-releases
    Update               2.23.52.0.1-55.el7.x86_64                                        @oso-rhui-rhel-server-releases
    Dep-Install bluez-libs-5.23-4.el7.x86_64                                              @oso-rhui-rhel-server-releases
    Updated     cpio-2.11-22.el7.x86_64                                                   @anaconda/7.1
    Update           2.11-24.el7.x86_64                                                   @oso-rhui-rhel-server-releases
    Updated     curl-7.29.0-19.el7.x86_64                                                 @anaconda/7.1
    Update           7.29.0-25.el7.x86_64                                                 @oso-rhui-rhel-server-releases
    Updated     file-5.11-21.el7.x86_64                                                   @anaconda/7.1
    Update           5.11-31.el7.x86_64                                                   @oso-rhui-rhel-server-releases
    Updated     file-libs-5.11-21.el7.x86_64                                              @anaconda/7.1
    Update                5.11-31.el7.x86_64                                              @oso-rhui-rhel-server-releases
    Updated     glibc-2.17-78.el7.x86_64                                                  @anaconda/7.1
    Update            2.17-106.el7_2.1.x86_64                                             @oso-rhui-rhel-server-releases
    Updated     glibc-common-2.17-78.el7.x86_64                                           @anaconda/7.1
    Update                   2.17-106.el7_2.1.x86_64                                      @oso-rhui-rhel-server-releases
    Updated     grep-2.20-1.el7.x86_64                                                    @anaconda/7.1
    Update           2.20-2.el7.x86_64                                                    @oso-rhui-rhel-server-releases
    Updated     grub2-1:2.02-0.17.el7_1.4.x86_64                                          @oso-rhui-rhel-server-releases
    Update            1:2.02-0.29.el7.x86_64                                              @oso-rhui-rhel-server-releases
    Updated     grub2-tools-1:2.02-0.17.el7_1.4.x86_64                                    @oso-rhui-rhel-server-releases
    Update                  1:2.02-0.29.el7.x86_64                                        @oso-rhui-rhel-server-releases
    Install     kernel-3.10.0-327.3.1.el7.x86_64                                          @oso-rhui-rhel-server-releases
    Updated     kernel-tools-3.10.0-229.14.1.el7.x86_64                                   @oso-rhui-rhel-server-releases
    Update                   3.10.0-327.3.1.el7.x86_64                                    @oso-rhui-rhel-server-releases
    Updated     kernel-tools-libs-3.10.0-229.14.1.el7.x86_64                              @oso-rhui-rhel-server-releases
    Update                        3.10.0-327.3.1.el7.x86_64                               @oso-rhui-rhel-server-releases
    Updated     krb5-libs-1.12.2-15.el7_1.x86_64                                          @oso-rhui-rhel-server-releases
    Update                1.13.2-10.el7.x86_64                                            @oso-rhui-rhel-server-releases
    Dep-Install libcgroup-tools-0.41-8.el7.x86_64                                         @oso-rhui-rhel-server-releases
    Updated     libcurl-7.29.0-19.el7.x86_64                                              @anaconda/7.1
    Update              7.29.0-25.el7.x86_64                                              @oso-rhui-rhel-server-releases
    Updated     libpng-2:1.5.13-5.el7.x86_64                                              @oso-rhui-rhel-server-releases
    Update             2:1.5.13-7.el7_2.x86_64                                            @oso-rhui-rhel-server-releases
    Updated     libreport-2.1.11-23.el7_1.x86_64                                          @oso-rhui-rhel-server-releases
    Update                2.1.11-31.el7.x86_64                                            @oso-rhui-rhel-server-releases
    Updated     libreport-cli-2.1.11-23.el7_1.x86_64                                      @oso-rhui-rhel-server-releases
    Update                    2.1.11-31.el7.x86_64                                        @oso-rhui-rhel-server-releases
    Updated     libreport-filesystem-2.1.11-23.el7_1.x86_64                               @oso-rhui-rhel-server-releases
    Update                           2.1.11-31.el7.x86_64                                 @oso-rhui-rhel-server-releases
    Updated     libreport-plugin-rhtsupport-2.1.11-23.el7_1.x86_64                        @oso-rhui-rhel-server-releases
    Update                                  2.1.11-31.el7.x86_64                          @oso-rhui-rhel-server-releases
    Updated     libreport-plugin-ureport-2.1.11-23.el7_1.x86_64                           @oso-rhui-rhel-server-releases
    Update                               2.1.11-31.el7.x86_64                             @oso-rhui-rhel-server-releases
    Updated     libreport-python-2.1.11-23.el7_1.x86_64                                   @oso-rhui-rhel-server-releases
    Update                       2.1.11-31.el7.x86_64                                     @oso-rhui-rhel-server-releases
    Updated     libreport-rhel-2.1.11-23.el7_1.x86_64                                     @oso-rhui-rhel-server-releases
    Update                     2.1.11-31.el7.x86_64                                       @oso-rhui-rhel-server-releases
    Updated     libreport-web-2.1.11-23.el7_1.x86_64                                      @oso-rhui-rhel-server-releases
    Update                    2.1.11-31.el7.x86_64                                        @oso-rhui-rhel-server-releases
    Updated     libreswan-3.12-10.1.el7_1.x86_64                                          @oso-rhui-rhel-server-releases
    Update                3.15-5.el7_1.x86_64                                             @oso-rhui-rhel-server-releases
    Updated     libssh2-1.4.3-8.el7.x86_64                                                @anaconda/7.1
    Update              1.4.3-10.el7.x86_64                                               @oso-rhui-rhel-server-releases
    Updated     libxml2-2.9.1-5.el7_1.2.x86_64                                            @rhui-REGION-rhel-server-releases
    Update              2.9.1-6.el7_2.2.x86_64                                            @oso-rhui-rhel-server-releases
    Updated     libxml2-python-2.9.1-5.el7_1.2.x86_64                                     @rhui-REGION-rhel-server-releases
    Update                     2.9.1-6.el7_2.2.x86_64                                     @oso-rhui-rhel-server-releases
    Updated     linux-firmware-20140911-0.1.git365e80c.el7.noarch                         @rhui-REGION-rhel-server-releases
    Update                     20150904-43.git6ebf5d5.el7.noarch                          @oso-rhui-rhel-server-releases
    Updated     nspr-4.10.8-1.el7_1.x86_64                                                @rhui-REGION-rhel-server-releases
    Update           4.10.8-2.el7_1.x86_64                                                @oso-rhui-rhel-server-releases
    Updated     nss-3.19.1-5.el7_1.x86_64                                                 @oso-rhui-rhel-server-releases
    Update          3.19.1-18.el7.x86_64                                                  @oso-rhui-rhel-server-releases
    Updated     nss-sysinit-3.19.1-5.el7_1.x86_64                                         @oso-rhui-rhel-server-releases
    Update                  3.19.1-18.el7.x86_64                                          @oso-rhui-rhel-server-releases
    Updated     nss-tools-3.19.1-5.el7_1.x86_64                                           @oso-rhui-rhel-server-releases
    Update                3.19.1-18.el7.x86_64                                            @oso-rhui-rhel-server-releases
    Updated     nss-util-3.19.1-3.el7_1.x86_64                                            @oso-rhui-rhel-server-releases
    Update               3.19.1-4.el7_1.x86_64                                            @oso-rhui-rhel-server-releases
    Updated     ntp-4.2.6p5-19.el7_1.1.x86_64                                             @oso-rhui-rhel-server-releases
    Update          4.2.6p5-22.el7.x86_64                                                 @oso-rhui-rhel-server-releases
    Updated     ntpdate-4.2.6p5-19.el7_1.1.x86_64                                         @oso-rhui-rhel-server-releases
    Update              4.2.6p5-22.el7.x86_64                                             @oso-rhui-rhel-server-releases
    Updated     openldap-2.4.39-7.el7_1.x86_64                                            @oso-rhui-rhel-server-releases
    Update               2.4.40-8.el7.x86_64                                              @oso-rhui-rhel-server-releases
    Updated     openssh-6.6.1p1-12.el7_1.x86_64                                           @rhui-REGION-rhel-server-releases
    Update              6.6.1p1-22.el7.x86_64                                             @oso-rhui-rhel-server-releases
    Updated     openssh-clients-6.6.1p1-12.el7_1.x86_64                                   @rhui-REGION-rhel-server-releases
    Update                      6.6.1p1-22.el7.x86_64                                     @oso-rhui-rhel-server-releases
    Updated     openssh-server-6.6.1p1-12.el7_1.x86_64                                    @rhui-REGION-rhel-server-releases
    Update                     6.6.1p1-22.el7.x86_64                                      @oso-rhui-rhel-server-releases
    Updated     perf-3.10.0-229.14.1.el7.x86_64                                           @oso-rhui-rhel-server-releases
    Update           3.10.0-327.3.1.el7.x86_64                                            @oso-rhui-rhel-server-releases
    Updated     python-2.7.5-18.el7_1.1.x86_64                                            @oso-rhui-rhel-server-releases
    Update             2.7.5-34.el7.x86_64                                                @oso-rhui-rhel-server-releases
    Updated     python-libs-2.7.5-18.el7_1.1.x86_64                                       @oso-rhui-rhel-server-releases
    Update                  2.7.5-34.el7.x86_64                                           @oso-rhui-rhel-server-releases
    Dep-Install python-magic-5.11-31.el7.noarch                                           @oso-rhui-rhel-server-releases
    Dep-Install redhat-access-insights-1.0.6-0.el7.noarch                                 @oso-rhui-rhel-server-releases
    Updated     redhat-release-server-7.1-1.el7.x86_64                                    @anaconda/7.1
    Update                            7.2-9.el7.x86_64                                    @oso-rhui-rhel-server-releases
    Updated     satyr-0.13-8.el7.x86_64                                                   @oso-rhui-rhel-server-releases
    Update            0.13-12.el7.x86_64                                                  @oso-rhui-rhel-server-releases
    Updated     unbound-libs-1.4.20-19.el7.x86_64                                         @oso-rhui-rhel-server-releases
    Update                   1.4.20-26.el7.x86_64                                         @oso-rhui-rhel-server-releases
    Updated     xfsprogs-3.2.1-6.el7.x86_64                                               @anaconda/7.1
    Update               3.2.2-2.el7.x86_64                                               @oso-rhui-rhel-server-releases
Scriptlet output:
   1 warning: /etc/ipsec.conf created as /etc/ipsec.conf.rpmnew
history info
Comment 5 Sten Turpin 2016-01-06 15:13:03 UTC 
please ignore comment 3, I didn't see that the yum history info was weeks old.
Comment 6 Andy Grimm 2016-04-04 18:14:59 UTC 
Created attachment 1143411 [details]
Quick and dirty fix

We now understand why this issue is occurring.  It happens specifically when there is an unapplied bugfix for the package.  The problem is that the security plugin does a check to see which packages have updates (and respects the yum configuration when doing this), but then fetches the errata list for any package which has an update.  The errata are not tied to a specific repo, and are only compared to the installed package NEVRA to see whether they would apply.

So right now, we can reproduce the problem with:

1) A RHEL 6 system updated to the latest packages *except* keep httpd and mod_ssl at 2.2.15-47.el6_7.3.x86_64 (latest is 2.2.15-47.el6_7.4.x86_64)
2) configure the Jboss EAP 6 repo with "exclude=httpd* mod_ssl"
3) run "yum -q updateinfo list security updates"

You will see that updates from the jboss repo show up:

RHSA-2012:1592              Important/Sec. httpd-2.2.22-14.ep6.el6.x86_64
RHSA-2013:0834              Important/Sec. httpd-2.2.22-18.ep6.el6.x86_64
RHSA-2013:1012              Moderate/Sec.  httpd-2.2.22-23.ep6.el6.x86_64
RHSA-2013:1208              Moderate/Sec.  httpd-2.2.22-25.ep6.el6.x86_64
...

Then, to confirm the cause, do:

1) "yum update httpd mod_ssl" to consume the bugfix from the base RHEL channel
2) run "yum -q updateinfo list security updates" again

even though the NEVRA of the installed package is still less than all the jboss versions, they will not show up this time.

I am attaching a patch here that demonstrates a fix for our specific use case, but given the wide variety of ways that includes and excludes can be used, I am sure this patch would not be acceptable upstream.  I'm merely including it to better illustrate where the problem lies.
Comment 7 Matt Ruzicka 2016-05-31 14:48:12 UTC 
Hello,

I was wondering if we could get a status on this issue and see if there is any other data that can be provided to assist. Thank you.
Comment 13 Chris Williams 2017-06-01 19:24:00 UTC 
Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017.  During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not appear to meet the inclusion criteria for the Production Phase 3 and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification.  Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com