Bug 70172 - RHSA-2002:155-11 Openssl Fix for Stronghold 3.0 RedHat/3016c
RHSA-2002:155-11 Openssl Fix for Stronghold 3.0 RedHat/3016c
Product: Stronghold Cross Platform
Classification: Retired
Component: openssl (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Mark J. Cox (Product Security)
Stronghold Engineering List
: Security
Depends On:
  Show dependency treegraph
Reported: 2002-07-30 17:23 EDT by Michael Parker
Modified: 2007-04-18 12:44 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-07-30 17:23:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michael Parker 2002-07-30 17:23:41 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204

Description of problem:
Stronghold 3.0 is not listed in the following Security Advisory:

However it used OpenSSL 0.9.6 which is listed as vulnerable in the latest
openssl advisory: http://www.openssl.org/news/secadv_20020730.txt

Updating to the latest is problematic because Stronghold apparently uses a
custom OpenSSL library (see stronghold_check_ssl_init function as an example).

Will an updated version of Stronghold 3.0 be made available?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
See http://rhn.redhat.com/errata/RHSA-2002-155.html

See http://www.openssl.org/news/secadv_20020730.txt

Additional info:

Sorry about the version number above, 3.0 was not a choice.
Comment 1 Mark J. Cox (Product Security) 2002-07-31 03:23:27 EDT
New releases of Stronghold 3.0 containing patches for the OpenSSL issue were
made available yesterday at the Stronghold download site,
http://stronghold.redhat.com/.  It looks like an advisory mentioning this hasn't
been sent out yet, we'll get that fixed.

Note You need to log in before you can comment on or make changes to this bug.