apt strict dependency solver blocks upgrade
Hello list.

All my apologies if this issue is documented elsewhere, I couldn't find anything relevant so far.

On our Ubuntu hosts, I'm frequently facing this kind of issue when attempting to apply an errata:

libgssapi-krb5-2 : Depends: libkrb5-3 (= 1.16-2ubuntu0.3) but 1.16-2ubuntu0.4 is to be installed

This often happens because multiple errata apply to the same package, and apt refuses to apply intermediate transactions. This is usually solved by applying errata individually, starting with the most recent one.

However, this one is quite worse: Uyuni considers USN-59591-1 (https://ubuntu.com/security/notices/USN-5959-1) irrelevant, because the vulnerability only concerns the KDC itself, and we don't have any KDC installed. However, the whole krb5 package has been released and published on the mirrors, and when Uyuni attempts to update libgssapi-krb5-2 because of USN-5828-1 (https://ubuntu.com/security/notices/USN-5828-1), it fails with the previous error message :(

Except rewriting USN-59591-1 advisory to explicitly include every krb5 subpackage, or manually installing this blocking update on every host, I don't know how to work around this.
Hello!

Looks like something that deserves research. Can you open an issue? I'd even say you should open it as a bug report.

On Monday, 17 April 2023 15:08:30 (CEST) Guillaume Rousse wrote:
> Hello list. All my apologies if this issue is documented elsewhere, I couldn't find anything relevant so far.
>
> On our Ubuntu hosts, I'm frequently facing this kind of issue when attempting to apply an errata:
>
> libgssapi-krb5-2 : Depends: libkrb5-3 (= 1.16-2ubuntu0.3) but 1.16-2ubuntu0.4 is to be installed
>
> This often happens because multiple errata apply to the same package, and apt refuses to apply intermediate transactions. This is usually solved by applying errata individually, starting with the most recent one.
>
> However, this one is quite worse: Uyuni considers USN-59591-1 (https://ubuntu.com/security/notices/USN-5959-1) irrelevant, because the vulnerability only concerns the KDC itself, and we don't have any KDC installed. However, the whole krb5 package has been released and published on the mirrors, and when Uyuni attempts to update libgssapi-krb5-2 because of USN-5828-1 (https://ubuntu.com/security/notices/USN-5828-1), it fails with the previous error message :(
>
> Except rewriting USN-59591-1 advisory to explicitly include every krb5 subpackage, or manually installing this blocking update on every host, I don't know how to work around this.
--
Julio González Gil
Release Engineer, SUSE Manager and Uyuni
jgonzalez@suse.com
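An added example, not part of the thread and not Uyuni or apt code: one way to compute which sibling packages have to go into the same transaction as an erratum's package when the mirror's candidates pin each other with `(= version)`, as in the apt error quoted above. The function names, the sample Packages index and the installed-package map are constructed for illustration.

```python
import re

# Constructed sample of a mirror Packages index (not real mirror data);
# versions reuse the ones quoted in the apt error above.
CANDIDATES = """\
Package: libgssapi-krb5-2
Version: 1.16-2ubuntu0.4
Depends: libc6 (>= 2.27), libkrb5-3 (= 1.16-2ubuntu0.4), libkrb5support0 (>= 1.15)

Package: libkrb5-3
Version: 1.16-2ubuntu0.4
Depends: libc6 (>= 2.27), libkrb5support0 (= 1.16-2ubuntu0.4)

Package: libkrb5support0
Version: 1.16-2ubuntu0.4
Depends: libc6 (>= 2.27)
"""

# Constructed installed state: every krb5 library still at the older build.
INSTALLED = {"libgssapi-krb5-2": "1.16-2ubuntu0.3", "libkrb5-3": "1.16-2ubuntu0.3",
             "libkrb5support0": "1.16-2ubuntu0.3", "libc6": "2.27-3ubuntu1.6"}

EXACT = re.compile(r"^\s*(\S+)\s*\(\s*=\s*([^)\s]+)\s*\)\s*$")
def parse_index(text):
    """Return {package: (version, {dep: exact_version})} from control stanzas."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines())
        pins = {}
        for clause in fields.get("Depends", "").split(","):
            m = EXACT.match(clause)  # keeps only "name (= version)" clauses
            if m:
                pins[m.group(1)] = m.group(2)
        index[fields["Package"]] = (fields["Version"], pins)
    return index

def lockstep_closure(requested, index, installed):
    """Expand requested upgrades with every package pinned to them by '='."""
    todo, result = list(requested), set()
    while todo:
        pkg = todo.pop()
        if pkg in result or pkg not in index:
            continue
        result.add(pkg)
        # Forward: exact pins of pkg's candidate that the host does not satisfy.
        todo += [d for d, v in index[pkg][1].items() if installed.get(d) != v]
        # Reverse (assumes the installed build pins pkg the same way its candidate does).
        todo += [p for p, (_, pins) in index.items() if pkg in pins and p in installed]
    return result
```

Comparing the returned set with the package list attached to an erratum shows which binaries are missing from it before the patch is scheduled.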