RHEL6 Fixlet seems to be incomplete

Can someone direct me to whom I should contact about what seems to be incorrect fixlet content? I’ve never had a problem like this before and am not sure if I should open a PMR on this type of issue.

The problem basically revolves around the latest RHSA 2016-1237 advisory for the ImageMagick vulnerabilities in RHEL6 and RHEL7. The published fixlet for RHEL7 contains updates for all of the affected packages: imagemagick, imagemagick-c++, imagemagick-devel, imagemagick-doc, imagemagick-perl, etc. However, the published fixlet for RHEL6 only addresses the imagemagick and imagemagick-c++ packages, which is contrary to the Red Hat advisory and is what is contained in the actual updated RPM.

What we have found is that when we push the RHEL6 2016:1237 fixlet to a server that has imagemagick packages other than what is in the fixlet description, the end result is a failure due to unmet dependencies.

Any help on this would be appreciated.

The missing packages are only available in the optional channels on RHEL 6. BigFix patching for RHEL 6 does not support the optional channels.

The workaround would be to either install the package manually, or to manually remove the packages that are from the optional channels, and then apply the Fixlet.

We keep a set of Red Hat VMs around to handle this … RHEL Server and RHEL Client at each version of OS we support. We have them registered with Red Hat Network and they download the optional packages directly to make a local mirror. We create our own Fixlets to deploy across the enterprise.

