On Mon, 20 Feb 2017, Pat Riehecky wrote: > Synopsis: Moderate: openssl security update > Advisory ID: SLSA-2017:0286-1 > Issue Date: 2017-02-20 > CVE Numbers: CVE-2016-8610 > CVE-2017-3731 > -- ... ... > SL6 > x86_64 > openssl-1.0.1e-48.el6_8.4.i686.rpm > openssl-1.0.1e-48.el6_8.4.x86_64.rpm > openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm > openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm > openssl-devel-1.0.1e-48.el6_8.4.i686.rpm > openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm > openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm > openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm > i386 > openssl-1.0.1e-48.el6_8.4.i686.rpm > openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm > openssl-devel-1.0.1e-48.el6_8.4.i686.rpm > openssl-perl-1.0.1e-48.el6_8.4.i686.rpm > openssl-static-1.0.1e-48.el6_8.4.i686.rpm This update hasn't arrived at my end yet, so I went poking: # yum --enablerepo=sl-security --showduplicates list openssl Loaded plugins: auto-update-debuginfo, fastestmirror, refresh-packagekit, : security Loading mirror speeds from cached hostfile * elrepo: mirrors.coreix.net * epel: www.mirrorservice.org * epel-debuginfo: www.mirrorservice.org * sl: ftp1.scientificlinux.org * sl-debuginfo: ftp1.scientificlinux.org * sl-fastbugs: ftp1.scientificlinux.org * sl-security: ftp1.scientificlinux.org * sl6x: ftp1.scientificlinux.org * sl6x-fastbugs: ftp1.scientificlinux.org * sl6x-security: ftp1.scientificlinux.org Installed Packages openssl.i686 1.0.1e-48.sl6_8.3 @sl-security openssl.x86_64 1.0.1e-48.sl6_8.3 @sl-security Available Packages openssl.i686 1.0.1e-48.el6 sl openssl.i686 1.0.1e-48.el6 sl6x openssl.x86_64 1.0.1e-48.el6 sl openssl.x86_64 1.0.1e-48.el6 sl6x openssl.i686 1.0.1e-48.el6_8.1 sl-security openssl.i686 1.0.1e-48.el6_8.1 sl6x-security openssl.x86_64 1.0.1e-48.el6_8.1 sl-security openssl.x86_64 1.0.1e-48.el6_8.1 sl6x-security openssl.i686 1.0.1e-48.el6_8.4 sl-security openssl.i686 1.0.1e-48.el6_8.4 sl6x-security openssl.x86_64 1.0.1e-48.el6_8.4 sl-security openssl.x86_64 1.0.1e-48.el6_8.4 sl6x-security openssl.i686 1.0.1e-48.sl6_8.3 sl-security openssl.i686 1.0.1e-48.sl6_8.3 sl6x-security openssl.x86_64 1.0.1e-48.sl6_8.3 sl-security openssl.x86_64 1.0.1e-48.sl6_8.3 sl6x-security I note that the 6_8.3 versions are el..., whereas the 6_8.4 are all sl... Of course sl6_8.3 comes after el6_8.4 so the updates are ignored :-( I'm now confused, should they be el6... or sl6... ? (I'm also confused about whether I should be using sl-security or sl6-security, but that is less important). Thanks, -- Andrew C Aitchison