Description of problem: RHEL8 host has the perl 5.26 module enabled and the perl-DBD-SQLite package installed: ~~~ [root@rhel8 ~]# dnf list installed | grep perl-DBD perl-DBD-SQLite.x86_64 1.58-2.module+el8.1.0+2940+f62455ee @rhel-8-for-x86_64-appstream-rpms [root@rhel8 ~]# dnf module list | grep perl perl 5.24 common [d], minimal Practical Extraction and Report Language perl 5.26 [d][e] common [d], minimal Practical Extraction and Report Language perl 5.30 common [d], minimal Practical Extraction and Report Language perl-App-cpanminus 1.7044 [d] common [d] Get, unpack, build and install CPAN modules perl-DBD-MySQL 4.046 [d] common [d] A MySQL interface for Perl perl-DBD-Pg 3.7 [d] common [d] A PostgreSQL interface for Perl perl-DBD-SQLite 1.58 [d][e] common [d] SQLite DBI driver perl-DBI 1.641 [d][e] common [d] A database access API for Perl perl-FCGI 0.78 [d] common [d] FastCGI Perl bindings perl-IO-Socket-SSL 2.066 [d][e] common [d] Perl library for transparent TLS perl-YAML 1.24 [d] common [d] Perl parser for YAML perl-libwww-perl 6.34 [d][e] common [d] A Perl interface to the World-Wide Web ~~~ Once the perl-DBD-SQLite package in installed, Satellite indicates 2 erratas that need to be applied, RHEA-2020:4727 and RHBA-2019:3337. The issue is that RHEA-2020:4727 is for perl 5.30, and RHBA-2019:3337 is for perl 5.24. The host has perl 5.26 module enabled. And if the host tries to install either of those erratas, yum indicates nothing to do: ~~~ [root@rhel8 ~]# yum update --advisory RHEA-2020:4727 Updating Subscription Management repositories. Red Hat Enterprise Linux 8 for x86_64 - Supplementary (RPMs) 33 kB/s | 3.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 33 MB/s | 42 MB 00:01 Red Hat Satellite Tools 6.10 for RHEL 8 x86_64 (RPMs) 57 kB/s | 3.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 18 MB/s | 38 MB 00:02 No security updates needed, but 363 updates available Dependencies resolved. Nothing to do. Complete! [root@rhel8 ~]# yum update --advisory RHBA-2019:3337 Updating Subscription Management repositories. Red Hat Enterprise Linux 8 for x86_64 - Supplementary (RPMs) 55 kB/s | 3.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 62 kB/s | 4.1 kB 00:00 Red Hat Satellite Tools 6.10 for RHEL 8 x86_64 (RPMs) 63 kB/s | 3.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 71 kB/s | 4.5 kB 00:00 No security updates needed, but 363 updates available Dependencies resolved. Nothing to do. Complete! ~~~ If the perl-DBD-SQLite package is removed, the erratas no longer show as applicable from Satellite UI. Both RHEA-2020:4727 and RHBA-2019:3337 return duplicates when I search for them in the filter box under the Content => Errata page. Something like "errata_id=RHBA-2019:3337" will result in 2 entries for RHBA-2019:3337. The 2 results appear identical, except for the applicable host count. When my RHEL8 host has the perl-DBD-SQLite package installed from the perl 5.26 module, 1 of the erratas shows as 0 hosts applicable, while the other shows 1 host applicable. When I remove the perl-DBD-SQLite package, neither of the duplicate erratas shows as applicable. Not sure if this is related, but seems weird. I noticed this same behavior on Satellite 6.9. However, I didn't notice this issue while testing with Satellite 6.8. Version-Release number of selected component (if applicable): Satellite 6.9 Satellite 6.10 How reproducible: always Steps to Reproduce: 1. Clean RHEL8 host registered to Satellite with katello-host-tools installed 2. Enable perl 5.26 and install perl-DBD-SQLite 3. View Content Host Applicable Errata from Satellite UI Actual results: 2 erratas RHEA-2020:4727 and RHBA-2019:3337 show as applicable. Expected results: Neither RHEA-2020:4727 or RHBA-2019:3337 should show as applicable. Additional info:
My customer has the same issue, and it's affecting (at least) MariaDB and Perl on their RHEL 8 servers. For MariaDB in particular, they have version 10.3 enabled, but Satellite tells them that packages for module 10.5 are available. Not only are they unaware of which RHEL 8 hosts _actually_ have applicable security updates until they try to apply them, but they're required to perform manual security audits of every such alert (even if the packages _can't_ be applied). A lot of work on the customer side would be saved if Satellite accurately alerted them to security updates for modules that they have enabled, rather than for modules that they haven't enabled.