Red Hat Bugzilla – Bug 160968
rhn_applet wrongly shows no updates needed
Last modified: 2007-11-30 17:11:08 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Description of problem:
rhn-applet shows the system as fully up-to-date when it is not.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Look at rhn-applet
2. run yum update
Actual Results: On a clean install of FC4-x86_64, rhn-applet shows the system as fully up to date, with a nice, reassuring blue tick.
yum shows 53 packages out of date, some with security issues (remote DoS)
Expected Results: rhn-applet does its job, and shows the user when updates are available.
This is a security issue: most users of FC rely on this applet to let them know when updates are available.
If users are given the impression (by the big, safe, blue tick!) that there are no updates which need to be applied they will be put at risk. This needs to be fixed before there's something really nasty like a big hole in firefox.
There's already one remote DoS in spamassassin and 2 in gaim being hidden from users by this false reassurance, the latter of which I suspect will go largely unnoticed until this rhn_applet bug is fixed. Most people don't subscribe to the -announce list...
This appears to be a dupe of bug #160921, which is probably a result of bug #160873.
You're right, but this is definitely a security bug - something which the other
2 reports don't address. (Think how many users look at the rhn-applet
tick/exclamation point as their sole vector for security info...)
This is definitely a dup of bug 160873, resolve as such please.
I have also seen this problem with all four Fedora Core 4 installs I've done.
The first two were upgrades from FC2 so I thought it was something just hosed
because of that. The second two installs were new installs on bare machines and
both are showing the same symptom. The network alert applet fails to see any
updates. I have verified that they are registered (at least according to the gui
tools) and I've manually run check for updates with no change. Running yum
update shows that there are over 100 updates waiting to be downloaded and
installed, yet all I see is the nice little blue check icon saying all clear.
rhn-applet was replaced by pirut and pup (package pirut) as of FC5. Only FC5
and FC6 are currently fully supported; FC3 and FC4 are supported for security
fixes only. If this bug occurs in FC3 or FC4 and is a security bug, please
change the product to Fedora Extras and the version to match. If you can verify
that the bug exists in RHEL as well, please change the product and version
The codebase for pirut and pup is quite different, but if a similar bug exists
in pirut and pup in FC5 or FC6, please change the product to pirut and the
version appropriately and update the bug report.
We apologize that the bug was not fixed before now. The status will be changed
to NEEDINFO, and if the bug is not updated with evidence that it is a security
bug or a bug that affects RHEL, it will be closed.
Note that rhn-applet may still be present on upgraded systems, and in general
will not function correctly on such systems. That is not a bug; anaconda does
not generally erase removed packages upon upgrades.
Closing per previous comment.