Red Hat Bugzilla – Bug 50780
OpenSSL v0.9.5a RPM installed instead of v0.9.6a version listed in errata
Last modified: 2015-01-07 18:50:09 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.73 [en] (X11; I; Linux 2.4.6 ppc)
Description of problem:
When using the "up2date openssl" command to update OpenSSL under Redhat
v6.2 as per a published security errata, the wrong version of OpenSSL is
Steps to Reproduce:
1. Run up2date openssl on a Redhat v6.2 system
2. See the following:
RPM conflict error. The message was:
Test install failed because of package conflicts:
package openssl-0.9.5a-7.6.x is already installed
Expected Results: OpenSSL v0.9.6a is supposed to be installed, not
v0.9.5a. The Redhat Network support people have been notified about this a
number of weeks ago, but have done nothing about it.
openssl-0.9.5a-7.6.x.i386.rpm is the correct package to be installed,
If there is a web page indicating that there is a 0.9.6a package
available, please let me know, as there is no such package available
as an errata for any Red Hat Linux release.
Created attachment 26354 [details]
OpenSSL v0.9.6a announcement email
The v0.9.6a announcement is attached.
OK, here's what appears to be happening. This errata (RHSA-2001:051-18)
provides 0.9.6-9 RPMs for 7.0 (alpha, intel) and 7.1 (alpha, intel) but provides
0.9.5a-7.6.x RPMs for 6.2 (alpha, intel, sparc) So, when RHN pulled this user
account to send out the email, there were both 7.1 and 6.2 systems on the
profile, but the email did not communicate that two different versions of the
packages were necessary to update the profiled systems. So, the good news is
that those are the latest RPMs for the 6.2 release. However, we need to look at
the code putting together the emails and avert this in the future.