Description of Problem:
The openssl096-0.9.6 package for 7.2 supersedes the openssl-0.9.6b-8 package but is not given as a "Newer Version" in RHN. openssl-0.9.6b-4 package in 7.1 had a security problem - does the openssl-0.9.6b-8 for 7.2 have this problem too, and should users upgrade?

Version-Release number of selected component (if applicable):

How Reproducible:

Steps to Reproduce:
1. Install RH7.1
2. Upgrade to 7.2 in non-recommended fashion (rpm -Fvh *.rpm)
3. Look for security updates on RHN

Actual Results:
openssl-0.9.6b-8 installed and not marked as having newer version

Expected Results:
Should have openssl096-0.9.6 offered as newer release of same software.

Additional Information:
Apologies if not a bug. Still could be a security issue to many users (especially those using ReiserFS or XFS who can't upgrade using the RedHat approved method on the CDs yet).

I don't think that you have a bug here. Basically this is what's going on. The openssl096-0.9.6 package is actually a compat library providing libssl.so.0.9.6 and libcrypto.so.0.9.6. This is in contrast to the openssl-0.9.6b-8 package shipped with 7.2 which provides libssl.so.0.9.6b and libcrypto-0.9.6b. So, the net result is that as long as you don't have code on your system which depends on the old 0.9.6 libraries, you will not need the openssl096 compat package. Openssl096 does not replace openssl-0.9.6b, nor the other way around. Furthermore, openssl-0.9.6b-8 is indeed the latest security release from Red Hat, so you do have the latest stuff.