[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: RHSA-2005:472-05 (kernel security update) not required for all?

From: Stephen Gardner <stephen-rhel uk org>
To: "Discussion of Red Hat Enterprise Linux 3 (Taroon)" <taroon-list redhat com>
Subject: Re: RHSA-2005:472-05 (kernel security update) not required for all?
Date: Thu, 26 May 2005 14:15:26 +0100 (BST)

On Thu, 26 May 2005, Ben wrote:

The security advisory RHSA-2005:472-05 says:
"These new kernel packages contain fixes for the three security issues
 described below as well as an important fix for a problem that could
 lead to data corruption on x86-architecture SMP systems with greater
 than 4GB of memory through heavy usage of multi-threaded applications."
According to my own records and RHN, all of my machines (WS and AS) are running kernel 2.4.21-32.EL, many (WS and AS) are running 2.4.21-32.ELsmp. One AS machine has 4GB of RAM, the remainder have between 512MB and 2GB of RAM.

All (bar one) were kickstarted from RHEL3 u4 kickstart points and have been through the 2.4.21-27.0.2.EL -> 2.4.21-27.0.4.EL -> 2.4.21-32.EL kernel upgrade path. All are fully up to date with regard to up2date and the RHN. None of these machines apparently require that RHSA-2005:472-05 be applied.

The remaining one AS machine was kickstarted very recently from a RHEL3 u5 kickstart point directly to kernel 2.4.21-32.ELsmp. Only this machine is listed in RHN as requiring the upgrade to 2.4.21-32.0.1.EL (the above RHSA-2005:472-05). There's an additional RHSA-2005:413-04 regarding ImageMagick which also only seems to apply to this machine and none of the others but I'm not so concerned about that.

This single machine was kickstarted in an identical manner (other than using a u5 rather than a u4 kickstart set) to another machine, runs on identical hardware and has all the same RPMs on. That other machine doesn't require either errata. I don't get it.
Does anyone know what's going on?

Ben, As a matter of interest on the machines that RHN says does not require RHSA-2005:472-05, what's in /etc/redhat-release? From what I've seen a machine that has a "Update 5" redhat-release package but does not have the latest kernel shows up in RHN as requiring that update. A machine running U4 does not show up as requiring RHSA-2005:472-05 (in RHN) but the package will be listed as a new kernel package in up2date.

If I'm following this correctly RHSA-2005:472-05 is a U5 Errata update which shows up in RHN for U5 systems. Additionally it's an available package update for U4 machines which won't show up in RHN until redhat-release is upgraded. From what I can tell RHN is checking the redhat-release as a baseline, currently if you're U5 you need RHSA-2005:472-05, if you're U4 you can upgrade the kernel package to 2.4.21-32.0.1.EL. Both are the same thing viewed from different perspectives by RHN and up2date.

Regards,
  Stephen

PS. I've just confirmed my belief in this by updating a non-SMP machine and the above holds true. SMP/UP doesn't seem to be a factor.

Follow-Ups:
- Re: RHSA-2005:472-05 (kernel security update) not required for all?
  - From: Ben

References:
- RHSA-2005:472-05 (kernel security update) not required for all?
  - From: Ben

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]