On 11/11/2016 11:20 PM, Peter wrote:
On 12/11/16 10:02, Mohammed Naser wrote:
It seems that the latest released version of qemu-kvm-ev is qemu-kvm-ev-2.3.0-31.el7_2.21.1 based on the following:
https://cbs.centos.org/koji/packageinfo?packageID=539
However, our systems are refusing to update to that package because qemu-kvm-ev-2.3.0-31.el7.16.1 is installed. I believe the 16.1 is making it seem that it is newer than 2.21.1 (16 > 2). As a result, we're unable to update and it seems that the latest package covers 2 CVEs, to which this one doesn't.
No, it sorts properly:
$ printf '%s\n' 2.3.0-31.el7_2.21.1 2.3.0-31.el7.16.1 | sort -V
2.3.0-31.el7.16.1
2.3.0-31.el7_2.21.1
RPM has a pretty elaborate sorting mechanism it uses when comparing versions and releases, which won't always match what "sort -V" thinks.
Using the "rpmdev-vercmp" utility from the rpmdevtools package:
$ rpmdev-vercmp 0 2.3.0 31.el7.16.1 0 2.3.0 31.el7_2.21.1
0:2.3.0-31.el7.16.1 > 0:2.3.0-31.el7_2.21.1
So the installed version appears to be newer than the "el7_2" version.
The following looks to be a fairly good write-up of how the version comparison works:
http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
-Greg
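
Added example, not part of the original thread and not RPM's own code: a Python rendering of the segment-by-segment comparison behind the rpmdev-vercmp result above, showing why the "_2" in "el7_2" makes the security update compare as older than the installed build. The function names are hypothetical, the logic follows RPM's rpmvercmp rules as an assumption, and the newer '^' operator is not handled.

```python
import re

def rpmvercmp(a, b):
    """Return 1 if a is newer, -1 if b is newer, 0 if they compare equal."""
    if a == b:
        return 0
    while a or b:
        # Separators ('.', '_', '-', ...) are dropped: they only split segments.
        a = re.sub(r"^[^A-Za-z0-9~]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9~]+", "", b)
        # '~' sorts before anything else, even before the end of the string.
        if a.startswith("~") or b.startswith("~"):
            if not a.startswith("~"):
                return 1
            if not b.startswith("~"):
                return -1
            a, b = a[1:], b[1:]
            continue
        if not a or not b:
            break
        # Take the next all-digit or all-letter run, typed by a's first char.
        numeric = "0" <= a[0] <= "9"
        pat = r"^[0-9]+" if numeric else r"^[A-Za-z]+"
        sa = re.match(pat, a).group()
        mb = re.match(pat, b)
        if mb is None:
            # Mixed types: a numeric segment is newer than an alphabetic one.
            return 1 if numeric else -1
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        if numeric:
            # Compare as integers: drop leading zeros, longer run is larger.
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if not a and not b:
        return 0
    return 1 if a else -1  # whichever side has segments left over is newer

def evr_cmp(x, y):
    """Compare (epoch, version, release) tuples: epoch, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = x, y
    if int(ea) != int(eb):
        return 1 if int(ea) > int(eb) else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

# The two builds from this thread, in the argument order used with rpmdev-vercmp.
INSTALLED = ("0", "2.3.0", "31.el7.16.1")
CANDIDATE = ("0", "2.3.0", "31.el7_2.21.1")
```

After "31", "el" and "7" match, the underscore is skipped and the next segments are 16 and 2, so the installed release wins and the package manager does not treat the CVE-fixing build as an update.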