Bug 56328 - New openssl096 ignored in Red Hat Linux 7.2
Summary: New openssl096 ignored in Red Hat Linux 7.2
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Other   
(Show other bugs)
Version: unspecified
Hardware: i386 Linux
Target Milestone: ---
Assignee: Cristian Gafton
QA Contact: Jay Turner
URL: https://rhn.redhat.com/network/packag...
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-11-15 17:43 UTC by Nic Doye
Modified: 2015-01-07 23:52 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-11-15 17:43:41 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Nic Doye 2001-11-15 17:43:36 UTC
Description of Problem:

The openssl096-0.9.6 package for 7.2 supercedes the openssl-0.9.6b-8 
package but is not given as a "Newer Version" in RHN.

openssl-0.9.6b-4 package in 7.1 had a security problem - does the 
openssl-0.9.6b-8 for 7.2 have this problem too, and should users upgrade?

Version-Release number of selected component (if applicable):

How Reproducible:

Steps to Reproduce:
1. Install RH7.1
2. upgrade to 7.2 in non-recommended fashion (rpm -Fvh *.rpm)
3. look for security updates on RHN

Actual Results:
openssl-0.9.6b-8  installed and not marked as having newer version

Expected Results:
Should have openssl096-0.9.6 offerred as newer release of same software.

Additional Information:
Apologies if not a bug.
Still could be a security issue to many users (especially those using 
ReiserFS or XFS who can't upgrade using the RedHat approved method on the 
CDs yet).

Comment 1 Jay Turner 2001-11-16 13:27:20 UTC
I don't think that you have a bug here.  Basically this is what's going on.  The
openssl096-0.9.6 package is actually a compat library providing libssl.so.0.9.6
and libcrypto.so.0.9.6.  This is in contrast to the openssl-0.9.6b-8 package
shipped with 7.2 which provides libssl.so.0.9.6b and libcrypto-0.9.6b.  So, the
net result is that as long as you don't have code on your system which depends
on the old 0.9.6 libraries, you will not need the openssl096 compat package. 
Openssl096 does not replace openssl-0.9.6b, nor the other way around. 
Furthermore, openssl-0.9.6b-8 is indeed the latest security release from Red
Hat, so you do have the latest stuff.

Note You need to log in before you can comment on or make changes to this bug.