Red Hat doesn't release new major version numbers of packages for security advisories. Instead, they patch the existing version number with only what is required to fix the hole. It would be irresponsible to force systems into new, untested features just to plug a vulnerability.
This page outlines the updated RPMS: http://rhn.redhat.com/errata/RHSA-2002-160.html

-Tim

John Hebert wrote:

>Howdy,
>
>I'm the admin for a RedHat 7.3 box and though I don't
>have OpenSSL running on it, I'd like to know how to
>upgrade OpenSSL to the latest (0.9.6g). How do I do
>this if I can't find an RPM for openssl-0.9.6g? I know
>I can uninstall the current version of OpenSSL
>(0.9.6b) and compile it from source, but that of
>course would cause a bunch of dependencies to cough.
>
>Is there some magic rpm --incantation I'm not aware
>of?
>
>Thanks,
>John Hebert
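
An added example, not part of the original messages: because fixes are backported, a check that compares only the upstream version reports a patched package as vulnerable, so the comparison has to use the package's version and release together. The release numbers below are constructed placeholders, not the values from the advisory, and the comparison is a simplified form of RPM's segment ordering (no epoch, tilde or caret handling).

```python
import re

_SEG = re.compile(r"\d+|[A-Za-z]+")  # runs of digits or runs of letters


def rpmvercmp(a, b):
    """Simplified RPM-style ordering of two version or release strings.

    Returns -1, 0 or 1. Assumption: no epoch, '~' or '^' handling.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as integers
        elif x.isdigit():
            return 1                   # a numeric segment outranks an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def naive_upstream_check(installed_version, upstream_version):
    """What a version-only check does: ignores the release field entirely."""
    return rpmvercmp(installed_version, upstream_version) >= 0


def is_patched(installed, fixed):
    """Compare (version, release) of the installed package against the
    (version, release) named in the vendor advisory for the same package."""
    v = rpmvercmp(installed[0], fixed[0])
    if v != 0:
        return v > 0
    return rpmvercmp(installed[1], fixed[1]) >= 0


if __name__ == "__main__":
    # Constructed sample data: version strings are the ones mentioned in the
    # thread; the release numbers "2" and "3" are placeholders.
    advisory_fixed = ("0.9.6b", "3")
    for installed in [("0.9.6b", "2"), ("0.9.6b", "3")]:
        print(installed,
              "version-only check passes:", naive_upstream_check(installed[0], "0.9.6g"),
              "| version-release check passes:", is_patched(installed, advisory_fixed))
```

On a live system the installed pair comes from `rpm -q --qf '%{VERSION} %{RELEASE}\n' openssl`, and the fixed pair from the package file names listed in the advisory.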
