From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204 Description of problem: Stronghold 3.0 is not listed in the following Security Advisory: http://rhn.redhat.com/errata/RHSA-2002-155.html However it used OpenSSL 0.9.6 which is listed as vulnerable in the latest openssl advisory: http://www.openssl.org/news/secadv_20020730.txt Updating to the latest is problematic because Stronghold apparently uses a custom OpenSSL library (see stronghold_check_ssl_init function as an example). Will an updated version of Stronghold 3.0 be made available? Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: See http://rhn.redhat.com/errata/RHSA-2002-155.html See http://www.openssl.org/news/secadv_20020730.txt Additional info: Sorry about the version number above, 3.0 was not a choice.
New releases of Stronghold 3.0 containing patches for the OpenSSL issue were made available yesterday at the Stronghold download site, http://stronghold.redhat.com/. It looks like an advisory mentioning this hasn't been sent out yet, we'll get that fixed.