Bug 1445091
| Summary: | yum list-sec and yum update-minimal do not show or install all available security updates when RHEL 6 Optional repo is enabled | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Candace Sheremeta <cshereme> |
| Component: | yum | Assignee: | Valentina Mukhamedzhanova <vmukhame> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 6.8 | CC: | aperotti, cww, daniele, james.antill, mmccune, pmoravec |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-08-16 15:46:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1353215 | | |

Description
Candace Sheremeta
2017-04-24 22:21:40 UTC
A clear example of this behavior:

```
[root@ibm-x3650m4-01-vm-14 ~]# yum --disablerepo rhel-6-server-optional-rpms list-sec | wc -l
1839
[root@ibm-x3650m4-01-vm-14 ~]# yum list-sec | wc -l
603
```

If you disable the optional repo in the listing of security errata, it works fine, but with it enabled you miss a huge portion of the errata.

I am quite convinced this is dup of bz1408508, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1408508#c12

with:

```
# zgrep RHSA-2017:0725 /var/lib/pulp/published/yum/https/repos/Default_Organization/Library/content/dist/rhel/server/6/6Server/x86_64/optional/os/repodata/*
/var/lib/pulp/published/yum/https/repos/Default_Organization/Library/content/dist/rhel/server/6/6Server/x86_64/optional/os/repodata/8528f80d6ab8142b19f6c104d37d630d2a1bd20d-updateinfo.xml.gz:<update from="release-engineering" status="final" type="security" version="7"><id>RHSA-2017:0725</id><issued date="2017-03-21 06:17:48 UTC" /><title>Moderate: bash security and bug fix update</title><release>0</release><rights>Copyright 2017 Red Hat Inc</rights><solution>For details on how to apply this update, which includes the changes described in
/var/lib/pulp/published/yum/https/repos/Default_Organization/Library/content/dist/rhel/server/6/6Server/x86_64/optional/os/repodata/8528f80d6ab8142b19f6c104d37d630d2a1bd20d-updateinfo.xml.gz:from the References section.</description><updated date="2017-03-21 06:18:32 UTC" /><references><reference href="https://access.redhat.com/errata/RHSA-2017:0725" id="RHSA-2017:0725" title="RHSA-2017:0725" type="self" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1377613" id="1377613" title="CVE-2016-0634 bash: Arbitrary code execution via malicious hostname" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1379630" id="1379630" title="CVE-2016-7543 bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1396383" id="1396383" title="CVE-2016-9401 bash: popd controlled free" type="bugzilla" /><reference href="https://www.redhat.com/security/data/cve/CVE-2016-0634.html" id="CVE-2016-0634" title="CVE-2016-0634" type="cve" /><reference href="https://www.redhat.com/security/data/cve/CVE-2016-7543.html" id="CVE-2016-7543" title="CVE-2016-7543" type="cve" /><reference href="https://www.redhat.com/security/data/cve/CVE-2016-9401.html" id="CVE-2016-9401" title="CVE-2016-9401" type="cve" /><reference href="https://access.redhat.com/security/updates/classification/#moderate" id="classification" title="moderate" type="other" /><reference href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html" id="ref_0" title="other_reference_0" type="other" /><reference href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html" id="ref_1" title="other_reference_1" type="other" /></references><pkglist><collection short=""><name>rhel-6-server-rpms__6Server__x86_64</name></collection></pkglist><pkglist><collection short=""><name>rhel-6-server-optional-rpms__6Server__x86_64</name><package arch="x86_64" epoch="0" name="bash-doc" release="48.el6" src="bash-4.1.2-48.el6.src.rpm" version="4.1.2"><filename>bash-doc-4.1.2-48.el6.x86_64.rpm</filename><sum type="sha256">e896067f6253cba4f5db912775873566c86b4fd550ddfa9a586beb1d6c2b7425</sum></package></collection></pkglist></update>
#
```

and:

```
# zgrep RHSA-2017:0725 /var/lib/pulp/published/yum/https/repos/Default_Organization/Library/content/dist/rhel/server/6/6Server/x86_64/os/repodata/*
/var/lib/pulp/published/yum/https/repos/Default_Organization/Library/content/dist/rhel/server/6/6Server/x86_64/os/repodata/43b8d2a2e5bc9c85231aa05fb1cbed6898593092-updateinfo.xml.gz:<update from="release-engineering" status="final" type="security" version="7"><id>RHSA-2017:0725</id><issued date="2017-03-21 06:17:48 UTC" /><title>Moderate: bash security and bug fix update</title><release>0</release><rights>Copyright 2017 Red Hat Inc</rights><solution>For details on how to apply this update, which includes the changes described in
/var/lib/pulp/published/yum/https/repos/Default_Organization/Library/content/dist/rhel/server/6/6Server/x86_64/os/repodata/43b8d2a2e5bc9c85231aa05fb1cbed6898593092-updateinfo.xml.gz:from the References section.</description><updated date="2017-03-21 06:18:32 UTC" /><references><reference href="https://access.redhat.com/errata/RHSA-2017:0725" id="RHSA-2017:0725" title="RHSA-2017:0725" type="self" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1377613" id="1377613" title="CVE-2016-0634 bash: Arbitrary code execution via malicious hostname" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1379630" id="1379630" title="CVE-2016-7543 bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution" type="bugzilla" /><reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1396383" id="1396383" title="CVE-2016-9401 bash: popd controlled free" type="bugzilla" /><reference href="https://www.redhat.com/security/data/cve/CVE-2016-0634.html" id="CVE-2016-0634" title="CVE-2016-0634" type="cve" /><reference href="https://www.redhat.com/security/data/cve/CVE-2016-7543.html" id="CVE-2016-7543" title="CVE-2016-7543" type="cve" /><reference href="https://www.redhat.com/security/data/cve/CVE-2016-9401.html" id="CVE-2016-9401" title="CVE-2016-9401" type="cve" /><reference href="https://access.redhat.com/security/updates/classification/#moderate" id="classification" title="moderate" type="other" /><reference href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html" id="ref_0" title="other_reference_0" type="other" /><reference href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html" id="ref_1" title="other_reference_1" type="other" /></references><pkglist><collection short=""><name>rhel-6-server-rpms__6Server__x86_64</name><package arch="x86_64" epoch="0" name="bash" release="48.el6" src="bash-4.1.2-48.el6.src.rpm" version="4.1.2"><filename>bash-4.1.2-48.el6.x86_64.rpm</filename><sum type="sha256">ea357dfce36e9d904281fc57ada83f0cf3f0461de8a5b91c1fc787e73a94803c</sum></package></collection></pkglist><pkglist><collection short=""><name>rhel-6-server-optional-rpms__6Server__x86_64</name></collection></pkglist></update>
#
```

See the empty pkglist for rhel-6-server-optional-rpms collection in rhel-6-server-rpms repodata and vice versa.

*** This bug has been marked as a duplicate of bug 1408508 ***
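
An added example (not from the bug report and not yum's or Pulp's code): a check over updateinfo.xml metadata for the condition the last comment points out, where one advisory ID is published in two repos with complementary package lists and empty collections. The sample XML is constructed by trimming the two RHSA-2017:0725 records quoted above; `parse_updateinfo` and `audit` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: trimmed copies of the two records quoted above
# (same advisory ID, collection names and package filenames).
BASE = """<updates><update type="security"><id>RHSA-2017:0725</id>
<pkglist><collection short=""><name>rhel-6-server-rpms__6Server__x86_64</name>
<package arch="x86_64" epoch="0" name="bash" release="48.el6" version="4.1.2">
<filename>bash-4.1.2-48.el6.x86_64.rpm</filename></package></collection></pkglist>
<pkglist><collection short=""><name>rhel-6-server-optional-rpms__6Server__x86_64</name>
</collection></pkglist></update></updates>"""
OPTIONAL = """<updates><update type="security"><id>RHSA-2017:0725</id>
<pkglist><collection short=""><name>rhel-6-server-rpms__6Server__x86_64</name>
</collection></pkglist>
<pkglist><collection short=""><name>rhel-6-server-optional-rpms__6Server__x86_64</name>
<package arch="x86_64" epoch="0" name="bash-doc" release="48.el6" version="4.1.2">
<filename>bash-doc-4.1.2-48.el6.x86_64.rpm</filename></package></collection></pkglist>
</update></updates>"""

def parse_updateinfo(xml_text):
    """Return {advisory_id: {collection_name: set(package filenames)}}."""
    out = {}
    for upd in ET.fromstring(xml_text).iter("update"):
        colls = out.setdefault(upd.findtext("id"), {})
        for coll in upd.iter("collection"):
            files = {p.findtext("filename") for p in coll.iter("package")}
            colls.setdefault(coll.findtext("name"), set()).update(files)
    return out

def audit(repos):
    """repos: {repo_id: updateinfo XML text}. Flag advisories whose ID is
    shared by several repos while the package lists differ between copies."""
    parsed = {r: parse_updateinfo(x) for r, x in repos.items()}
    findings = {}
    for adv in sorted(set().union(*parsed.values())):
        per_repo = {r: set().union(*p[adv].values())
                    for r, p in parsed.items() if adv in p}
        if len(per_repo) > 1 and len({frozenset(f) for f in per_repo.values()}) > 1:
            findings[adv] = {
                "per_repo": per_repo,
                # collections a repo's copy declares but leaves without packages
                "empty": {r: sorted(c for c, f in parsed[r][adv].items() if not f)
                          for r in per_repo},
                # what a consumer needs to see to cover the whole advisory
                "union": set().union(*per_repo.values()),
            }
    return findings

if __name__ == "__main__":
    print(audit({"rhel-6-server-rpms": BASE, "rhel-6-server-optional-rpms": OPTIONAL}))
```

Any advisory this reports is one where a consumer that keeps a single record per advisory ID would see only part of the package list, so compare `per_repo` against `union` before trusting a security-only listing.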