Bug 50780 - OpenSSL v0.9.5a RPM installed instead of v0.9.6a version listed in errata
Summary: OpenSSL v0.9.5a RPM installed instead of v0.9.6a version listed in errata
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: up2date   
(Show other bugs)
Version: 4.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Adrian Likins
QA Contact: Jay Turner
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-08-03 01:29 UTC by Graham Leggett
Modified: 2015-01-07 23:50 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-08-06 11:03:15 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
OpenSSL v0.9.6a announcement email (3.27 KB, text/plain)
2001-08-05 20:25 UTC, Graham Leggett
no flags Details

Description Graham Leggett 2001-08-03 01:29:23 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.73 [en] (X11; I; Linux 2.4.6 ppc)

Description of problem:
When using the "up2date openssl" command to update OpenSSL under Redhat
v6.2 as per a published security errata, the wrong version of OpenSSL is
installed.


How reproducible:
Always

Steps to Reproduce:
1. Run up2date openssl on a Redhat v6.2 system
2. See the following:

RPM conflict error.  The message was:
Test install failed because of package conflicts:
package openssl-0.9.5a-7.6.x is already installed
                          ^^^^^^



Expected Results:  OpenSSL v0.9.6a is supposed to be installed, not
v0.9.5a. The Redhat Network support people have been notified about this a
number of weeks ago, but have done nothing about it.


Additional info:

Comment 1 Adrian Likins 2001-08-03 01:38:45 UTC
openssl-0.9.5a-7.6.x.i386.rpm is the correct package to be installed,
according to:

http://www.redhat.com/support/errata/RHEA-2000-085.html


If there is a web page indicating that there is a 0.9.6a package
available, please let me know, as there is no such package available
as an errata for any Red Hat Linux release.

Comment 2 Graham Leggett 2001-08-05 20:25:19 UTC
Created attachment 26354 [details]
OpenSSL v0.9.6a announcement email

Comment 3 Graham Leggett 2001-08-05 20:26:03 UTC
The v0.9.6a announcement is attached.


Comment 4 Jay Turner 2001-08-06 11:03:01 UTC
OK, here's what appears to be happening.  This errata (RHSA-2001:051-18)
provides 0.9.6-9 RPMs for 7.0 (alpha, intel) and 7.1 (alpha, intel) but provides
 0.9.5a-7.6.x RPMs for 6.2 (alpha, intel, sparc)  So, when RHN pulled this user
account to send out the email, there were both 7.1 and 6.2 systems on the
profile, but the email did not communicate that two different versions of the
packages were necessary to update the profiled systems.  So, the good news is
that those are the latest RPMs for the 6.2 release.  However, we need to look at
the code putting together the emails and avert this in the future.


Note You need to log in before you can comment on or make changes to this bug.