RHEL 5.2 Updates

[spaceout]

I noticed there are a lot of yum updates available for RHEL 5 this morning. Does anyone know if they are safe to install in a Plesk 8.3 / ASL environment?

I always get a little nervous when I see a ton of updates like that. The last time I installed a ton of RH updates my DNS went down and I had a server offline for almost a full day trying to fix the damn thing.

I currently have the following in my yum exclude list in /etc/yum.conf:

exclude=kernel* sendmail bind-chroot caching-nameserver

[scott]

Yup they're safe. Thats RHEL 5.2

[spaceout]

My biggest concern was with the update to Bind. That is what gave me such a hassle last time. Of course, that was before I saw that I needed to exclude bind-chroot from the update because it causes some sort of problem with Plesk

[Highland]

Looks like 5.2 is out (hence the large number of updates).
Since you have bind-chroot excluded you should be fine as far as DNS goes (only other package I exclude is Apache-ASP). Not sure why you'd need to exclude kernels tho.

[spaceout]

Honestly, I don't know much about why kernels would be excluded. That was just the exclude list that Plesk supplied in one of their Knowledge Base articles so I used it.

[breun]

I wouldn't exclude kernels. Recently there was a local root exploit in the kernel which also affected RHEL 5. Note that you need to boot into the updated kernel before you're actually using it. Just installing the updated kernel isn't protecting you.

[spaceout]

Since I'm using the ASL kernel, will the kernel updates from Red Hat mess anything up?

Also, I did run the full yum update and everything seems to be running great.

[scott]

Not at all, if you notice we're way ahead of RHEL on kernels (2.6.24 vs 2.6.19). We should have 2.6.25.4 out very soon.

[BerArt]

So did anybody update already? Any problems?

[Slider]

My biggest concern was with the update to Bind. That is what gave me such a hassle last time. Of course, that was before I saw that I needed to exclude bind-chroot from the update because it causes some sort of problem with Plesk

yes me too I solved this issue

uninstall CHroot-bind

and

I also had to add this line back into /etc/sysconfig/named:
ROOTDIR="/var/named/run-root"
It was removed either by Plesk or uninstalling bind-chroot.

[Highland]

No problems running the new stuff but they built their packages weird this time. Normally a package has dependencies like required >= 1.2.3 (unless it's a subpackage, like php 5.2.5 would require 5.2.5 packages). For some odd reason they have some packages requiring a specific version (ie required = 1.2.3) so if you're running 1.2.4 (or if they provide you 1.2.4 in the list) it fails.

Case in point (emphasis mine)

[root@server1 ~]# yum update iptables-ipv6
*snip*
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package iptables-ipv6.i386 0:1.3.5-4.el5 set to be updated
--> Processing Dependency: iptables = 1.3.5-0 for package: iptables-ipv6
--> Finished Dependency Resolution
Error: Missing Dependency: iptables = 1.3.5-0 is needed by package iptables-ipv6
[root@server1 ~]# rpm -q iptables
iptables-1.3.5-4.el5

The stupid thing is that iptables-1.3.5-4 came with RHEL 5.2!

The list of packages that failed in similar manner

cups.i386 1:1.2.4-11.18.el5 rhel-i386-server
iptables-ipv6.i386 1.3.5-4.el5 rhel-i386-server
libhugetlbfs.i386 1.2-5.el5 rhel-i386-server
libxslt-python.i386 1.1.17-2.el5_1.1 rhel-i386-server
ntsysv.i386 1.3.30.1-2 rhel-i386-server
rpm.i386 4.4.2-48.el5 rhel-i386-server
rpm-build.i386 4.4.2-48.el5 rhel-i386-server
rpm-libs.i386 4.4.2-48.el5 rhel-i386-server
rpm-python.i386 4.4.2-48.el5 rhel-i386-server
system-config-date.noarch 1.8.12-3.el5 rhel-i386-server

This doesn't mean you can't run RHEL 5.2, it just means you can't do a simple yum update -y

[scott]

A Requires: like that is just silly. Thanks for the heads up on it, we'll be putting out a iptables 1.4.0 package with the next ASL kernel update, so its good to know about any pitfalls like that in advance.