[CentOS] How to get 4.3 updates without 4.4 upgrade

Jay Lee jlee at pbu.edu
Mon Sep 4 18:28:53 UTC 2006


Robert Moskowitz wrote:
> Jay Lee wrote:
>> Robert Moskowitz wrote:
>>> Well, I want to stay on an even keel, here with 4.3 for a week or two.
>>>
>>> I would like to update needed programs.
>>>
>>> Would also like to get a newer gnome!
>>>
>>> What are others doing here.  Too much traffic, too much to read....
>>
>> The only real solution is to have a test box and/or network and test 
>> your patches on that.  Without having tested the patches, whether 
>> they're security patches or new features, you risk breaking your 
>> app.  You should consider setting up a test box, testing your app. 
>> with 4.4, then retest after critical updates are released.  Once 
>> you've verified the critical update doesn't break your app in two, 
>> apply it to the production box.  When a update release comes out for 
>> CentOS, test against that also (you'll probably want to do more 
>> extended testing since a lot changes in update releases).
>>
>> This is also what "rpm -q --changelog" and Update release notes are 
>> meant for, so that you can get an idea of what's changes, why and how 
>> it might affect your app.
> I think you left out something on your rpm command.  It does not work 
> for me, even as root.
>
> rpmq: no arguments given for query
rpm -q --changelog <packagename> will return the full changelog of the 
given package e.g.

#rpm -q --changelog kernel

* Thu Aug 17 2006 Jason Baron <jbaron at redhat.com> [2.6.9-42.0.2]

-sctp: Fix data overflow in iovec computation (Neil Horman) [202122]

* Fri Aug 04 2006 Jason Baron <jbaron at redhat.com> [2.6.9-42.0.1]

-fix O_DIRECT writes to memory holes can leak a page reference (Jeff 
Moyer) [191
736] {CVE-2004-2660}
-fix sctp chunk length overflow (Neil Horman) [192636] {CVE-2006-1858}
-fix possible DoS in write routine of ftdi_sio driver (Pete Zaitcev) 
[197610] {C
VE-2006-2936}
-fix typo in drivers/cdrom/cdrom.c (Chip Coldwell) [197670] {CVE-2006-2935}
-Fix reboot on IBM Pizzaro machines (Bastien Nocera) [200111]
-don't shut down on bogus filehandles from nfs clients (Eric Sandeen) 
[199172] {
CVE-2006-3468}
-fix for prevention of setuid/gid on /proc/<pid> files (Ernie Petrides) 
[198973]
 {CVE-2006-3626}
-fix SNMP NAT netfilter memory corruption (Thomas Graf) [192632] 
{CVE-2006-2444}
-fix for non-hugemem x86 DoS w/bogus %ds/%es values (Ernie Petrides) 
[196280] {C
VE-2006-2932]
...
...

Now I can see what's changed in the 42.0.2 kernel.  Were I running a 
important router/firewall, NFS server or IBM Pizzaro box I'd probably 
want to take note of this update and test things out there...  Note that 
changelogs aren't always complete documentation of changes, they're an 
overview.

Jay



-------------- next part --------------
A non-text attachment was scrubbed...
Name: jlee.vcf
Type: text/x-vcard
Size: 255 bytes
Desc: not available
Url : http://lists.centos.org/pipermail/centos/attachments/20060904/bd2b2862/jlee.vcf


More information about the CentOS mailing list