There is a known path for recovery from the RPM 'stale locks' issue which does NOT require a non-security RPM 'update' -- Others may come out differently in all good intent; but except for the unresolved subtle RPM exploit path mentioned on a public list (which should properly be resolvable as the SELinux capability extensions are rolled in [which will not happen in fedora-legacy]), a change to rpm-4.2.x is just a "upgrade to the latest and greatest." No thanks.