Bug 70172 - RHSA-2002:155-11 Openssl Fix for Stronghold 3.0 RedHat/3016c
Summary: RHSA-2002:155-11 Openssl Fix for Stronghold 3.0 RedHat/3016c
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Stronghold Cross Platform
Classification: Retired
Component: openssl
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Mark J. Cox
QA Contact: Stronghold Engineering List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-07-30 21:23 UTC by Michael Parker
Modified: 2007-04-18 16:44 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2002-07-30 21:23:45 UTC
Embargoed:

Attachments (Terms of Use)

Description Michael Parker 2002-07-30 21:23:41 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204

Description of problem:
Stronghold 3.0 is not listed in the following Security Advisory:
http://rhn.redhat.com/errata/RHSA-2002-155.html

However it used OpenSSL 0.9.6 which is listed as vulnerable in the latest
openssl advisory: http://www.openssl.org/news/secadv_20020730.txt

Updating to the latest is problematic because Stronghold apparently uses a
custom OpenSSL library (see stronghold_check_ssl_init function as an example).

Will an updated version of Stronghold 3.0 be made available?

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
See http://rhn.redhat.com/errata/RHSA-2002-155.html

See http://www.openssl.org/news/secadv_20020730.txt

Additional info:

Sorry about the version number above, 3.0 was not a choice.
Comment 1 Mark J. Cox 2002-07-31 07:23:27 UTC 
New releases of Stronghold 3.0 containing patches for the OpenSSL issue were
made available yesterday at the Stronghold download site,
http://stronghold.redhat.com/.  It looks like an advisory mentioning this hasn't
been sent out yet, we'll get that fixed.
Note You need to log in before you can comment on or make changes to this bug.