Red Hat Bugzilla – Bug 70172
RHSA-2002:155-11 Openssl Fix for Stronghold 3.0 RedHat/3016c
Last modified: 2007-04-18 12:44:54 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204
Description of problem:
Stronghold 3.0 is not listed in the following Security Advisory:
However it used OpenSSL 0.9.6 which is listed as vulnerable in the latest
openssl advisory: http://www.openssl.org/news/secadv_20020730.txt
Updating to the latest is problematic because Stronghold apparently uses a
custom OpenSSL library (see stronghold_check_ssl_init function as an example).
Will an updated version of Stronghold 3.0 be made available?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Sorry about the version number above, 3.0 was not a choice.
New releases of Stronghold 3.0 containing patches for the OpenSSL issue were
made available yesterday at the Stronghold download site,
http://stronghold.redhat.com/. It looks like an advisory mentioning this hasn't
been sent out yet, we'll get that fixed.