I recently performed a security update on my Rocky Linux 9.3 VM, and during the Vulnerability Assessment, the following security advisory (RLSA) was flagged for installation:
RLSA-2024:2551
When I run a search using yum updateinfo list all | grep RLSA-2024:2551, I get the following output:
i RLSA-2024:2551 Important/Sec. bind-license-2:9.16.23-18.el9_4.1.noarch
i RLSA-2024:2551 Important/Sec. bind-libs-2:9.16.23-18.el9_4.1.x86_64
i RLSA-2024:2551 Important/Sec. bind-utils-2:9.16.23-18.el9_4.1.x86_64
So far, so good.
However, when I attempt to run yum update --security, the system says there are no security updates available:
# yum update --security
No security updates needed, but 309 updates available
Dependencies resolved.
Nothing to do.
Complete!
Can anyone help me understand why this anomaly is occurring? The advisory is listed, but yum update --security indicates that no updates are needed.
First, Rocky 9.3 became unsupported when Rocky 9.4 was released. Run dnf up to get onto a supported version.
On CentOS there was no security metadata at all. I did adopt the practice of running dnf up (was yum update in CentOS), and of not even thinking about cherry-picking what to (not) update.
I presume that the ‘updateinfo’ and ‘--security’ are metadata in the repositories (and/or packages). The updateinfo seems to be a separate file for that metadata. Does the ‘--security’ fetch info from that file, or from packages? If the latter, then the build system most likely fails to feed both locations with “consistent data”.
Greetings,
Unfortunately the errata is broken, thus --security isn’t working at the moment. I know the infrastructure team is looking for assistance if you are willing to help. @neil Do you have any recommendations for how he might be able to help?
Thanks!
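Added example, not part of any post in this thread: a small shell helper that reads `yum updateinfo list all` output like the rows quoted in the question and separates advisory rows carrying dnf's leading `i` marker (the package at that version is already installed) from rows that are still pending. The function names, the `sample_output` data and the `RLSA-0000:0000` row are constructed for illustration.

```shell
#!/bin/sh
# Classify one advisory's packages from `yum updateinfo list all` output.
# With "all", dnf prefixes a row with "i" when that package version is already
# installed; rows without the prefix are not yet applied.

advisory_status() {
    # $1 = advisory ID; stdin = output of `yum updateinfo list all`
    awk -v id="$1" '
        $1 == "i" && $2 == id { print "installed " $4; next }
        $1 == id              { print "pending " $3 }
    '
}

advisory_summary() {
    # Prints "installed=N pending=M"; exit status 0 only if nothing is pending.
    advisory_status "$1" | awk '
        $1 == "installed" { i++ }
        $1 == "pending"   { p++ }
        END { printf "installed=%d pending=%d\n", i, p; exit (p > 0) }
    '
}

sample_output() {
    # First three rows are the ones quoted in the question; the last row is a
    # constructed placeholder showing what a pending advisory looks like.
    cat <<'EOF'
i RLSA-2024:2551 Important/Sec. bind-license-2:9.16.23-18.el9_4.1.noarch
i RLSA-2024:2551 Important/Sec. bind-libs-2:9.16.23-18.el9_4.1.x86_64
i RLSA-2024:2551 Important/Sec. bind-utils-2:9.16.23-18.el9_4.1.x86_64
  RLSA-0000:0000 Important/Sec. example-pkg-1.0-1.el9.x86_64
EOF
}

# Demo on the embedded sample; on a real host replace sample_output with
#   yum updateinfo list all
sample_output | advisory_summary RLSA-2024:2551 || true
```

The exit status makes the check usable in a vulnerability-assessment script: non-zero means at least one package of the advisory still has to be updated.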