Rollback RPM

Posted by blogadmin on June 14, 2012

Our monthly vulnerability mitigation policy wanted us to upgrade our vulnerable nss_ldap package to latest version. I went ahead and did the upgrade. After consulting CERT and various CVE and NVD site I found the upgrade was not needed as current version was not having any vulnerabilities. Sadly the new version installed had vulnerabilities according to CVE so it was time to revert back to earlier version. Here is how I did it.

Install yum-utils (To get yumdownloader script)

# yum -y install yum-utils
Running Transaction
Installing: yum-utils ######################### [1/1]

Download the previous version of nss_ldap

# yumdownloader nss_ldap-253-5.el5
Loading "rhnplugin" plugin
rhel-x86_64-server-5 100% |=========================| 1.4 kB 00:00
nss_ldap-253-5.el5.x86_64 100% |=========================| 1.4 MB 00:00
nss_ldap-253-5.el5.i386.r 100% |=========================| 1.4 MB 00:00

The packages will be downloaded and saved in the current working directory, to verify, list the directory:

# ls nss_ldap*
nss_ldap-253-5.el5.i386.rpm nss_ldap-253-5.el5.x86_64.rpm

Downgrade the package using rpm : 

# rpm -Uvh --oldpackage nss_ldap-253-5.el5.*.rpm
Preparing... ########################################### [100%]
 1:nss_ldap ########################################### [ 50%]
 2:nss_ldap ########################################### [100%]

Let Red Hat Network know that you have downgraded the packages: 

# rhn-profile-sync
Updating package profile...
Updating hardware profile...

After reboot the problem should be fixed.

Share Button

Filed under System Administration

Tagged , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>