From bugzilla at redhat.com Mon Dec 20 16:41:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Dec 2004 11:41 -0500
Subject: [RHSA-2004:653-01] Stronghold 4: New release fixes Apache and mod_ssl issues
Message-ID: <200412201641.iBKGfba05404@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Stronghold 4: New release fixes Apache and mod_ssl issues
Advisory ID:       RHSA-2004:653-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-653.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Stronghold Cross Platform
CVE Names:         CAN-2004-0940 CAN-2003-0987 CAN-2004-0885
- ---------------------------------------------------------------------

1. Summary:

Updated versions of cross-platform Stronghold that fix security issues in
mod_ssl and the Apache HTTP Server are now available.

2. Problem description:

Stronghold 4 contains a number of open source technologies, including
mod_ssl and the Apache HTTP Server.

A buffer overflow in the get_tag function in mod_include for Apache 1.3.x
to 1.3.32 allows local users who can create SSI documents to execute
arbitrary code as the apache user via SSI (XSSI) documents that trigger a
length calculation error. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0940 to this issue.

mod_digest does not properly verify the nonce of a client response by
using an AuthNonce secret. This could allow a malicious user who is able to
sniff network traffic to conduct a replay attack against a website using
Digest protection. Note that mod_digest implements an older version of the
MD5 Digest Authentication specification which is known not to work with
modern browsers. This issue does not affect mod_auth_digest.
(CAN-2003-0987)

The mod_ssl module, when using the "SSLCipherSuite" directive in directory
or location context, allows remote clients to bypass intended restrictions
by using any cipher suite that is allowed by the virtual host
configuration. (CAN-2004-0885)

Users of Stronghold 4 cross-platform are advised to update to these errata
versions, which contain backported security fixes and are not vulnerable to
these issues.

3. Solution:

Updated Stronghold 4 packages are now available via the update agent
service. Run the following command from the Stronghold 4 install root to
upgrade an existing Stronghold 4 installation to the new package versions:

$ bin/agent

The Stronghold 4.0j patch release which contains these updated packages is
also available from the download site.

After upgrading Stronghold, the server must be completely restarted by
running the following commands from the install root:

$ bin/stop-server
$ bin/start-server

For more information on how to upgrade between releases of Stronghold 4,
refer to http://stronghold.redhat.com/support/upgrade-sh4

4. References:

http://stronghold.redhat.com/support/upgrade-sh4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885

5. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBxwCxXlSAg2UNWIIRApGTAJ9ih1qOay55fDxGh/R7aFx3XjY/wQCeIt6o
sDUaziDvi0X8G8yruw/VGW0=
=EAYD
-----END PGP SIGNATURE-----
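
For CAN-2004-0885, the configurations that matter are those that set SSLCipherSuite inside a directory or location container. The following is an added example, not part of the Red Hat advisory and not Stronghold or mod_ssl code: it lists such directives in a configuration file so the restrictions that depend on them can be reviewed. The sample configuration, its paths and its cipher strings are constructed, and Include files and backslash line continuations are not followed.

```python
import re

# Containers that put a directive in "directory or location context",
# the context named in CAN-2004-0885.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch",
           "files", "filesmatch"}

def find_per_dir_ciphersuites(conf_text):
    """Return (line_no, enclosing_section, cipher_spec) for every
    SSLCipherSuite directive found inside a per-directory container."""
    stack, findings = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        close = re.match(r"</\s*(\w+)\s*>", line)
        if close:
            # Pop back to the matching opener, tolerating sloppy nesting.
            name = close.group(1).lower()
            while stack and stack.pop()[0] != name:
                pass
            continue
        opener = re.match(r"<\s*(\w+)\s*(.*?)\s*>$", line)
        if opener:
            stack.append((opener.group(1).lower(), opener.group(2).strip('"')))
            continue
        m = re.match(r"SSLCipherSuite\s+(.+)", line, re.I)
        if m:
            scope = next((s for s in reversed(stack) if s[0] in PER_DIR), None)
            if scope:  # a server- or vhost-level directive is not reported
                findings.append((no, f"{scope[0]} {scope[1]}", m.group(1).strip()))
    return findings

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+LOW
    <Location "/admin">
        SSLCipherSuite HIGH:!ADH
    </Location>
    <Directory /srv/www/public>
        Options None
    </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    for no, section, spec in find_per_dir_ciphersuites(SAMPLE_CONF):
        print(f"line {no}: <{section}> restricts ciphers to {spec}")
```

Each reported section is a place where, on a server without the errata packages, the advisory says a client could use any cipher suite the enclosing virtual host allows.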