Bug 70172 - RHSA-2002:155-11 Openssl Fix for Stronghold 3.0 RedHat/3016c
Summary: RHSA-2002:155-11 Openssl Fix for Stronghold 3.0 RedHat/3016c
Alias: None
Product: Stronghold Cross Platform
Classification: Retired
Component: openssl   
(Show other bugs)
Version: 4.0
Hardware: All Linux
Target Milestone: ---
Assignee: Mark J. Cox
QA Contact: Stronghold Engineering List
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2002-07-30 21:23 UTC by Michael Parker
Modified: 2007-04-18 16:44 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-07-30 21:23:45 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Michael Parker 2002-07-30 21:23:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204

Description of problem:
Stronghold 3.0 is not listed in the following Security Advisory:

However it used OpenSSL 0.9.6 which is listed as vulnerable in the latest
openssl advisory: http://www.openssl.org/news/secadv_20020730.txt

Updating to the latest is problematic because Stronghold apparently uses a
custom OpenSSL library (see stronghold_check_ssl_init function as an example).

Will an updated version of Stronghold 3.0 be made available?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
See http://rhn.redhat.com/errata/RHSA-2002-155.html

See http://www.openssl.org/news/secadv_20020730.txt

Additional info:

Sorry about the version number above, 3.0 was not a choice.

Comment 1 Mark J. Cox 2002-07-31 07:23:27 UTC
New releases of Stronghold 3.0 containing patches for the OpenSSL issue were
made available yesterday at the Stronghold download site,
http://stronghold.redhat.com/.  It looks like an advisory mentioning this hasn't
been sent out yet, we'll get that fixed.

Note You need to log in before you can comment on or make changes to this bug.