From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
RHSA-2003-089-11 fixed bugs in glibc as related to Bugzilla bug #81901 dealing with moderately long lines in /etc/group. Because the main rpm binary is statically linked to glibc, it still is vulnerable to the issues that the glibc update addresses. Specifically, if the install of an RPM package forces the group on a file to be a group that has a long line in /etc/group, it fails the lookup of the group name and sets it to 'root'.

Version-Release number of selected component (if applicable):
rpm-4.1-1.06

How reproducible:
Always

Steps to Reproduce:
1. Create a group in /etc/group that has enough members to make the line go over 670 characters. (In my example, I call it 'longgrp')
2. Create an RPM .SPEC file that sets the group of a file to be in the long group:
   %attr(0444 username longgrp) /usr/local/bin/testme
3. Build the rpm package and install it.

Actual Results:
rpm complains about group 'longgrp' not being found and sets the group to 'root'.

Expected Results:
rpm should set the group to 'longgrp'

Additional info:
The glibc fix for this specific condition is noted in bugzilla bug #81901 and in the glibc errata for RHSA-2003-089-11

Deferred, errata already pending. Don't hold your breath, however; the errata has been pending for 4 months now.
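
An audit sketch for hosts still running the statically linked rpm described in the report, added here as an example and not part of the original bug thread or of rpm itself. It lists groups whose /etc/group line exceeds the 670-character figure from the reproduction steps, then reports packaged files whose on-disk group differs from the group recorded in the package. The function names and the sample file are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added audit example. The 670-character default comes from the report's
# reproduction steps; all function names here are hypothetical.

# long_groups FILE [MAX]: print the names of groups whose line in FILE
# is longer than MAX characters.
long_groups() {
    awk -F: -v max="${2:-670}" 'length($0) > max { print $1 }' "$1"
}

# misowned_files FILE [MAX]: for each packaged file whose recorded group is
# one of the long-line groups, report it if the on-disk group differs
# (for example because the install fell back to 'root').
misowned_files() {
    lg_names=$(long_groups "$1" "${2:-670}")
    [ -n "$lg_names" ] || return 0
    # Group first, path second, so paths containing spaces survive 'read'.
    rpm -qa --qf '[%{FILEGROUPNAME} %{FILENAMES}\n]' |
    while read -r grp path; do
        printf '%s\n' "$lg_names" | grep -qxF -- "$grp" || continue
        [ -e "$path" ] || continue
        actual=$(stat -c %G "$path")
        [ "$actual" = "$grp" ] ||
            printf '%s: package says %s, on disk %s\n' "$path" "$grp" "$actual"
    done
}

# make_sample FILE: write a constructed group file with one long entry
# ('longgrp', 100 members, 814 characters) and two short ones.
make_sample() {
    members=$(awk 'BEGIN { for (i = 1; i <= 100; i++)
        printf "%suser%03d", (i > 1 ? "," : ""), i }')
    {
        printf 'root:x:0:\n'
        printf 'longgrp:x:5000:%s\n' "$members"
        printf 'staff:x:50:alice,bob\n'
    } > "$1"
}
```

Source the file and run `misowned_files /etc/group`; any path it prints should have its group corrected by hand or by reinstalling the package once a fixed rpm is in place.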