Bug 56328

Summary: New openssl096 ignored in Red Hat Linux 7.2
Product: Red Hat Satellite 5
Component: Other
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
Target Milestone: ---
Target Release: ---
Hardware: i386
OS: Linux
Reporter: Nic Doye <nic>
Assignee: Cristian Gafton <gafton>
QA Contact: Jay Turner <jturner>
CC: alikins, cturner, mihai.ibanescu, pjones, srevivo
Keywords: Security
URL: https://rhn.redhat.com/network/package/package_errata.pxt?pid=16762
Doc Type: Bug Fix
Last Closed: 2001-11-15 17:43:41 UTC

Description Nic Doye 2001-11-15 17:43:36 UTC
Description of Problem:

The openssl096-0.9.6 package for 7.2 supersedes the openssl-0.9.6b-8
package but is not given as a "Newer Version" in RHN.

openssl-0.9.6b-4 package in 7.1 had a security problem - does the 
openssl-0.9.6b-8 for 7.2 have this problem too, and should users upgrade?

Version-Release number of selected component (if applicable):


How Reproducible:


Steps to Reproduce:
1. Install RH7.1
2. upgrade to 7.2 in non-recommended fashion (rpm -Fvh *.rpm)
3. look for security updates on RHN

Actual Results:
openssl-0.9.6b-8  installed and not marked as having newer version

Expected Results:
Should have openssl096-0.9.6 offered as newer release of same software.

Additional Information:
Apologies if not a bug.
Still could be a security issue to many users (especially those using 
ReiserFS or XFS who can't upgrade using the RedHat approved method on the 
CDs yet).

Comment 1 Jay Turner 2001-11-16 13:27:20 UTC
I don't think that you have a bug here.  Basically this is what's going on.  The
openssl096-0.9.6 package is actually a compat library providing libssl.so.0.9.6
and libcrypto.so.0.9.6.  This is in contrast to the openssl-0.9.6b-8 package
shipped with 7.2 which provides libssl.so.0.9.6b and libcrypto-0.9.6b.  So, the
net result is that as long as you don't have code on your system which depends
on the old 0.9.6 libraries, you will not need the openssl096 compat package. 
Openssl096 does not replace openssl-0.9.6b, nor the other way around. 
Furthermore, openssl-0.9.6b-8 is indeed the latest security release from Red
Hat, so you do have the latest stuff.
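
The check Comment 1 describes, as an added example that is not part of the original bug report: decide whether a binary actually depends on the sonames the openssl096 compat package provides. It assumes `readelf` from binutils is installed; the function names and the sample `readelf -d` lines are constructed for illustration. The comparison is exact because `libssl.so.0.9.6` is a prefix of `libssl.so.0.9.6b`, so a plain substring match would flag binaries that only need the main openssl package.

```shell
#!/bin/sh
# Sonames provided by the openssl096 compat package, as named in Comment 1.
COMPAT_SONAMES="libssl.so.0.9.6 libcrypto.so.0.9.6"

# Constructed samples of `readelf -d` output (not taken from a real system).
SAMPLE_OLD_APP=' 0x00000001 (NEEDED)                     Shared library: [libssl.so.0.9.6]
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]'
SAMPLE_NEW_APP=' 0x00000001 (NEEDED)                     Shared library: [libssl.so.0.9.6b]
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.0.9.6b]'

# Read `readelf -d` output on stdin, print one NEEDED soname per line.
needed_sonames() {
    sed -n 's/.*(NEEDED).*\[\(.*\)\].*/\1/p'
}

# Read `readelf -d` output on stdin; succeed only if some NEEDED entry is
# exactly one of the compat sonames (0.9.6b must not match 0.9.6).
needs_compat() {
    needed_sonames | while read -r so; do
        for c in $COMPAT_SONAMES; do
            if [ "$so" = "$c" ]; then echo "$so"; fi
        done
    done | grep -q .
}

# Report which of the given files require the compat package.
scan_paths() {
    for f in "$@"; do
        if readelf -d "$f" 2>/dev/null | needs_compat; then
            echo "$f needs openssl096"
        fi
    done
}

# Usage: sh check_compat.sh /usr/bin/* /usr/sbin/*
if [ "$#" -gt 0 ]; then
    scan_paths "$@"
fi
```
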