From bugzilla at redhat.com  Wed Mar 17 17:22:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Mar 2004 12:22 -0500
Subject: [RHSA-2004:139-01] Stronghold 4: New release fixes OpenSSL and
	Apache issues
Message-ID: <200403171722.i2HHMfl20601@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Stronghold 4: New release fixes OpenSSL and Apache issues
Advisory ID:       RHSA-2004:139-01
Issue date:        2004-03-17
Updated on:        2004-03-17
Product:           Stronghold Cross Platform
Keywords:          Stronghold
Cross references:  
Obsoletes:         RHSA-2003:290
CVE Names:         CAN-2003-0542 CAN-2003-0851 CAN-2004-0079 CAN-2004-0081
- ---------------------------------------------------------------------

1. Topic:

Updated versions of Stronghold 4 cross-platform are available that fix
security issues affecting OpenSSL and the Apache HTTP Server. A number
of bug fixes are also included.

2. Problem description:

Stronghold 4 contains a number of open source technologies, including
OpenSSL 0.9.6 and the Apache HTTP Server.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can
lead to a denial of service attack (infinite loop). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0081 to this issue.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a null-pointer assignment in the do_change_cipher_spec() function
in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could
send a carefully crafted SSL/TLS handshake which could lead to a denial of
service attack.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0079 to this issue.

Testing performed by Novell using a test suite provided by NISCC uncovered
an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l
which could cause large recursion and possibly lead to a denial of service
attack if used where stack space is limited. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851
to this issue.

An issue in the handling of regular expressions from configuration files
was discovered in releases of the Apache HTTP Server version 1.3 prior to
1.3.29. To exploit this issue an attacker would need to have the ability
to write to Apache configuration files such as .htaccess or httpd.conf. A
carefully-crafted configuration file can cause an exploitable buffer
overflow and would allow the attacker to execute arbitrary code in the
context of the server. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0542 to this issue.

Users of Stronghold 4 cross-platform are advised to update to these errata
versions, which contain backported security fixes and are not vulnerable to
these issues.

3. Solution:

Updated Stronghold 4 packages are now available via the update agent
service. Run the following command from the Stronghold 4 install root to
upgrade an existing Stronghold 4 installation to the new package versions:

$ bin/agent

The Stronghold 4.0h patch release which contains these updated packages is
also available from the download site.

After upgrading Stronghold, the server must be completely restarted by
running the following commands from the install root:

$ bin/stop-server
$ bin/start-server

For more information on how to upgrade between releases of Stronghold 4,
refer to http://stronghold.redhat.com/support/upgrade-sh4

4. Verificationx:

MD5 sum                          Package Name
- --------------------------------------------------------------------------



These packages are GPG signed by Red Hat for security.  Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


5. References:

http://www.niscc.gov.uk/
http://www.codenomicon.com/testtools/tls/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081

6. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAWIkRXlSAg2UNWIIRAlkWAKCWaR2HqKY80wIHgFs9FXSlXaeMLwCeNZyE
17mbnYuUy192Hz3NxH0fGvA=
=MBnd
-----END PGP SIGNATURE-----