Updating BIND

[Eric Pretorious]

Updating BIND / Warning: RPMDB altered outside of yum

While updating the BIND packages today (to address CVE-2013-4854), I noticed this warning...

[root@www ~]# yum update bind
...
0 packages excluded due to repository protections
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.17.rc1.el6_4.4 will be updated
---> Package bind.x86_64 32:9.8.2-0.17.rc1.el6_4.5 will be an update
--> Processing Dependency: bind-libs = 32:9.8.2-0.17.rc1.el6_4.5 for package: 32:bind-9.8.2-0.17.rc1.el6_4.5.x86_64
--> Running transaction check
---> Package bind-libs.x86_64 32:9.8.2-0.17.rc1.el6_4.4 will be updated
--> Processing Dependency: bind-libs = 32:9.8.2-0.17.rc1.el6_4.4 for package: 32:bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64
---> Package bind-libs.x86_64 32:9.8.2-0.17.rc1.el6_4.5 will be an update
--> Running transaction check
---> Package bind-utils.x86_64 32:9.8.2-0.17.rc1.el6_4.4 will be updated
---> Package bind-utils.x86_64 32:9.8.2-0.17.rc1.el6_4.5 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================================
 Package             Arch            Version                 Repository            Size
==========================================================================================================================================================
Updating:
 bind                x86_64          32:9.8.2-0.17.rc1.el6_4.5           updates          4.0 M
Updating for dependencies:
 bind-libs           x86_64          32:9.8.2-0.17.rc1.el6_4.5           updates          878 k
 bind-utils          x86_64          32:9.8.2-0.17.rc1.el6_4.5           updates          182 k

Transaction Summary
==========================================================================================================================================================
Upgrade   3 Package(s)

Total download size: 5.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): bind-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm                                        | 4.0 MB     00:00     
(2/3): bind-libs-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm                                   | 878 kB     00:00     
(3/3): bind-utils-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm                                  | 182 kB     00:00     
==========================================================================================================================================================
Total                                               7.2 MB/s | 5.0 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
[B][COLOR="#FF0000"]Warning: RPMDB altered outside of yum.[/COLOR][/B]
  Updating   : 32:bind-libs-9.8.2-0.17.rc1.el6_4.5.x86_64                                       1/6 
  Updating   : 32:bind-utils-9.8.2-0.17.rc1.el6_4.5.x86_64                                      2/6 
  Updating   : 32:bind-9.8.2-0.17.rc1.el6_4.5.x86_64                                            3/6 
  Cleanup    : 32:bind-9.8.2-0.17.rc1.el6_4.4.x86_64                                            4/6 
  Cleanup    : 32:bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64                                      5/6 
  Cleanup    : 32:bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64                                       6/6 
  Verifying  : 32:bind-utils-9.8.2-0.17.rc1.el6_4.5.x86_64                                      1/6 
  Verifying  : 32:bind-libs-9.8.2-0.17.rc1.el6_4.5.x86_64                                       2/6 
  Verifying  : 32:bind-9.8.2-0.17.rc1.el6_4.5.x86_64                                            3/6 
  Verifying  : 32:bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64                                       4/6 
  Verifying  : 32:bind-9.8.2-0.17.rc1.el6_4.4.x86_64                                            5/6 
  Verifying  : 32:bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64                                      6/6 

Updated:
  bind.x86_64 32:9.8.2-0.17.rc1.el6_4.5                                                 

Dependency Updated:
  bind-libs.x86_64 32:9.8.2-0.17.rc1.el6_4.5                                             bind-utils.x86_64 32:9.8.2-0.17.rc1.el6_4.5                                            

Complete!

I've never seen this warning before. Should I be concerned?

 

[Nikolay.]

No, this is OK per se. Basically it just means that somebody called rpm directly at some point in the past.

 

[Eric Pretorious]

While updating the BIND packages today (to address CVE-2013-4854), I noticed this warning...

[root@www ~]# yum update bind
...
[B][COLOR="#FF0000"]Warning: RPMDB altered outside of yum.[/COLOR][/B]
...

I've never seen this warning before. Should I be concerned?

No, this is OK per se. Basically it just means that somebody called rpm directly at some point in the past.

I'm the only administrator with access to this particular system. Could this be an attempt to conceal an exploit?

 

[Nikolay.]

While theoretically yes, I think it is highly unlikely. More likely that some script did it. Unless your rpmdb is corrupted and cause problems for yum (i.e., other errors), this warning is perfectly normal.