Hide Forgot
Description of problem: Security updates relying on yum --security (e.g. via yum-cron) don't pick up the GHOST fix. I don't know how yum-security works, so I don't know whether the bug is actually in the repo, glibc package, or elsewhere. Version-Release number of selected component (if applicable): 2.12-1.149.el6_6.5 How reproducible: Steps to Reproduce: # yum --security check-update glibc\* Actual results: # yum --security check-update glibc\* Loaded plugins: auto-update-debuginfo, changelog, downloadonly, etckeeper, : fastestmirror, filter-data, merge-conf, post-transaction- : actions, priorities, product-id, protectbase, refresh- : packagekit, security, subscription-manager, verify, versionlock Loading mirror speeds from cached hostfile * epel: mirror.bytemark.co.uk * epel-debuginfo: mirror.bytemark.co.uk Skipping filters plugin, no data 0 packages excluded due to repository protections Limiting package lists to security relevant ones No packages needed for security; 45 packages available Expected results: # yum check-update glibc\* Loaded plugins: auto-update-debuginfo, changelog, downloadonly, etckeeper, : fastestmirror, filter-data, merge-conf, post-transaction- : actions, priorities, product-id, protectbase, refresh- : packagekit, security, subscription-manager, verify, versionlock Loading mirror speeds from cached hostfile * epel: mirror.bytemark.co.uk * epel-debuginfo: mirror.bytemark.co.uk Skipping filters plugin, no data 0 packages excluded due to repository protections glibc.i686 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc.x86_64 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc-common.x86_64 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc-devel.i686 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc-devel.x86_64 2.12-1.149.el6_6.5 rhel-6-server-rpms glibc-headers.x86_64 2.12-1.149.el6_6.5 rhel-6-server-rpms Additional info:
Not a glibc issue. Moving to yum.
I can't reproduce this issue, 'yum --security check-update glibc\*' gives me the expected output. Are you still facing this problem? It could be helpful to try to disable all plugins except product-id, security and subscription-manager, clear the cache and try again.
I can no longer reproduce this, but I have no idea what might have changed. Could you tell me what metadata yum-plugin-security uses so I can try to figure it out without having to read the source? (It gives me false positives with check-update too, which are still present.)
yum-plugin-security uses the updateinfo metadata (something like /var/cache/yum/x86_64/6Server/rhel-6-server-rpms/6189da8c10e23e0a4b0ce14e30131e484ff83070d3a7db43152bf27da436a87e-updateinfo.xml.gz) Since the issue cannot be reproduced, I am closing this. Please feel free to reopen if you have a reliable reproducer.