Bug 50780 - OpenSSL v0.9.5a RPM installed instead of v0.9.6a version listed in errata
OpenSSL v0.9.5a RPM installed instead of v0.9.6a version listed in errata
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: up2date (Show other bugs)
4.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Adrian Likins
Jay Turner
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-02 21:29 EDT by Graham Leggett
Modified: 2015-01-07 18:50 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-08-06 07:03:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
OpenSSL v0.9.6a announcement email (3.27 KB, text/plain)
2001-08-05 16:25 EDT, Graham Leggett
no flags Details

  None (edit)
Description Graham Leggett 2001-08-02 21:29:23 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.73 [en] (X11; I; Linux 2.4.6 ppc)

Description of problem:
When using the "up2date openssl" command to update OpenSSL under Redhat
v6.2 as per a published security errata, the wrong version of OpenSSL is
installed.


How reproducible:
Always

Steps to Reproduce:
1. Run up2date openssl on a Redhat v6.2 system
2. See the following:

RPM conflict error.  The message was:
Test install failed because of package conflicts:
package openssl-0.9.5a-7.6.x is already installed
                          ^^^^^^



Expected Results:  OpenSSL v0.9.6a is supposed to be installed, not
v0.9.5a. The Redhat Network support people have been notified about this a
number of weeks ago, but have done nothing about it.


Additional info:
Comment 1 Adrian Likins 2001-08-02 21:38:45 EDT
openssl-0.9.5a-7.6.x.i386.rpm is the correct package to be installed,
according to:

http://www.redhat.com/support/errata/RHEA-2000-085.html


If there is a web page indicating that there is a 0.9.6a package
available, please let me know, as there is no such package available
as an errata for any Red Hat Linux release.
Comment 2 Graham Leggett 2001-08-05 16:25:19 EDT
Created attachment 26354 [details]
OpenSSL v0.9.6a announcement email
Comment 3 Graham Leggett 2001-08-05 16:26:03 EDT
The v0.9.6a announcement is attached.
Comment 4 Jay Turner 2001-08-06 07:03:01 EDT
OK, here's what appears to be happening.  This errata (RHSA-2001:051-18)
provides 0.9.6-9 RPMs for 7.0 (alpha, intel) and 7.1 (alpha, intel) but provides
 0.9.5a-7.6.x RPMs for 6.2 (alpha, intel, sparc)  So, when RHN pulled this user
account to send out the email, there were both 7.1 and 6.2 systems on the
profile, but the email did not communicate that two different versions of the
packages were necessary to update the profiled systems.  So, the good news is
that those are the latest RPMs for the 6.2 release.  However, we need to look at
the code putting together the emails and avert this in the future.

Note You need to log in before you can comment on or make changes to this bug.