Red Hat Bugzilla – Bug 50780
OpenSSL v0.9.5a RPM installed instead of v0.9.6a version listed in errata
Last modified: 2015-01-07 18:50:09 EST
From Bugzilla Helper: User-Agent: Mozilla/4.73 [en] (X11; I; Linux 2.4.6 ppc) Description of problem: When using the "up2date openssl" command to update OpenSSL under Redhat v6.2 as per a published security errata, the wrong version of OpenSSL is installed. How reproducible: Always Steps to Reproduce: 1. Run up2date openssl on a Redhat v6.2 system 2. See the following: RPM conflict error. The message was: Test install failed because of package conflicts: package openssl-0.9.5a-7.6.x is already installed ^^^^^^ Expected Results: OpenSSL v0.9.6a is supposed to be installed, not v0.9.5a. The Redhat Network support people have been notified about this a number of weeks ago, but have done nothing about it. Additional info:
openssl-0.9.5a-7.6.x.i386.rpm is the correct package to be installed, according to: http://www.redhat.com/support/errata/RHEA-2000-085.html If there is a web page indicating that there is a 0.9.6a package available, please let me know, as there is no such package available as an errata for any Red Hat Linux release.
Created attachment 26354 [details] OpenSSL v0.9.6a announcement email
The v0.9.6a announcement is attached.
OK, here's what appears to be happening. This errata (RHSA-2001:051-18) provides 0.9.6-9 RPMs for 7.0 (alpha, intel) and 7.1 (alpha, intel) but provides 0.9.5a-7.6.x RPMs for 6.2 (alpha, intel, sparc) So, when RHN pulled this user account to send out the email, there were both 7.1 and 6.2 systems on the profile, but the email did not communicate that two different versions of the packages were necessary to update the profiled systems. So, the good news is that those are the latest RPMs for the 6.2 release. However, we need to look at the code putting together the emails and avert this in the future.