Description of Problem:
The openssl096-0.9.6 package for 7.2 supercedes the openssl-0.9.6b-8
package but is not given as a "Newer Version" in RHN.
openssl-0.9.6b-4 package in 7.1 had a security problem - does the
openssl-0.9.6b-8 for 7.2 have this problem too, and should users upgrade?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install RH7.1
2. upgrade to 7.2 in non-recommended fashion (rpm -Fvh *.rpm)
3. look for security updates on RHN
openssl-0.9.6b-8 installed and not marked as having newer version
Should have openssl096-0.9.6 offerred as newer release of same software.
Apologies if not a bug.
Still could be a security issue to many users (especially those using
ReiserFS or XFS who can't upgrade using the RedHat approved method on the
I don't think that you have a bug here. Basically this is what's going on. The
openssl096-0.9.6 package is actually a compat library providing libssl.so.0.9.6
and libcrypto.so.0.9.6. This is in contrast to the openssl-0.9.6b-8 package
shipped with 7.2 which provides libssl.so.0.9.6b and libcrypto-0.9.6b. So, the
net result is that as long as you don't have code on your system which depends
on the old 0.9.6 libraries, you will not need the openssl096 compat package.
Openssl096 does not replace openssl-0.9.6b, nor the other way around.
Furthermore, openssl-0.9.6b-8 is indeed the latest security release from Red
Hat, so you do have the latest stuff.