Created attachment 1420963 [details]
output of yum updateinfo, and yum --advisory
Description of problem:
Attempting to install packages from a specified advisory and yum installs newer versions of the package than those listed in the advisory.
Version-Release number of selected component (if applicable):
RHEL 7.4 system trying to apply RHBA-2017:2581 which should provide kernel-3.10.0-693.2.1.el7.x86_64. Using yum updateinfo also returns this information. However, when running the command, the kernel is actually upgraded to kernel.x86_64 0:3.10.0-862.el7
Seems to happen every time.
Steps to Reproduce:
1. Have a RHEL 7.4 system with kernel older than 3.10.0-693.2.1.el7.x86_64.
# yum updateinfo list kernel
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
RHSA-2017:2473 Important/Sec. kernel-3.10.0-693.1.1.el7.x86_64
RHBA-2017:2581 bugfix kernel-3.10.0-693.2.1.el7.x86_64
RHSA-2017:2679 Important/Sec. kernel-3.10.0-693.2.2.el7.x86_64
RHSA-2017:2930 Important/Sec. kernel-3.10.0-693.5.2.el7.x86_64
RHSA-2017:3315 Moderate/Sec. kernel-3.10.0-693.11.1.el7.x86_64
RHSA-2018:0007 Important/Sec. kernel-3.10.0-693.11.6.el7.x86_64
RHSA-2018:0151 Important/Sec. kernel-3.10.0-693.17.1.el7.x86_64
RHSA-2018:0395 Important/Sec. kernel-3.10.0-693.21.1.el7.x86_64
updateinfo list done
# yum update --advisory=RHBA-2017:2581
Instead of kernel-3.10.0-693.2.1.el7.x86_64 being installed, kernel.x86_64 0:3.10.0-862.el7 is.
kernel-3.10.0-693.2.1.el7.x86_64 being installed
It is interesting to note that kernel.x86_64 0:3.10.0-862.el7 does not show at all in yum updateinfo list kernel even though it is obviously available and installs. It appears there is no metadata for this that yum updateinfo can parse?
Yum install latest available packages. AFAIK --advisory option only adds respective package updates to the transactions, not necessarily specific NVRs.
Can you try update-minimal command eventually?
I confirm; yum always picks up the newest available version.
In general, when installing/updating packages, yum assumes that you always want the latest greatest, unless you select a specific NEVRA.
With advisories specifically, though, the latter is not supported (nor desired). Yum will always pick the latest advisory for each package. The rationale is that, when an advisory is released and distributed in the updateinfo.xml files, any previous versions of the same advisory become irrelevant (even though they're still listed in the xml and displayed when using "updateinfo list", for example) and users shouldn't really update to those as they could, for example, contain security flaws that have been addressed in a newer advisory.
So, in practice, --advisory is only useful for selecting which packages you want to update, as Karel mentioned.
That said, if you really need to apply an older advisory for some reason, update-minimal is your friend. I have tried it and it worked as you'd expect.
update-minimal seemed to work for my limited testing. Thank you for your assistance.