bugzilla | 19 Dec 18:35 2005

[RHSA-2005:882-01] Important: openssl, php, mod_ssl, mod_imap security update for Stronghold


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: openssl, php, mod_ssl, mod_imap security update for Stronghold
Advisory ID:       RHSA-2005:882-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-882.html
Issue date:        2005-12-19
Updated on:        2005-12-19
Product:           Stronghold Cross Platform
CVE Names:         CVE-2004-1018 CVE-2004-1019 CVE-2005-0109 CVE-2005-2969 CVE-2005-2700 CVE-2005-3352
                   CVE-2005-3388 CVE-2005-3389 CVE-2005-3390
---------------------------------------------------------------------

1. Summary:

Updated versions of cross-platform Stronghold that fix security issues in
mod_ssl, mod_imap, OpenSSL, and PHP are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Problem description:

Stronghold 4 contains a number of open source technologies, including
mod_ssl and the Apache HTTP Server.

Several security issues have been found that affect cross-platform
Stronghold 4: 


bugzilla | 2 Nov 10:27 2005

[RHSA-2005:816-00] Important: apache, mod_ssl, php update for Stronghold


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: apache, mod_ssl, php update for Stronghold
Advisory ID:       RHSA-2005:816-00
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-816.html
Issue date:        2005-11-02
Updated on:        2005-11-02
Product:           Stronghold 4.0 for Red Hat Enterprise Linux
CVE Names:         CVE-2003-0542 CVE-2003-0987 CVE-2004-0488 CVE-2004-0594 CVE-2004-0595 CVE-2004-0885
                   CVE-2004-0940 CVE-2004-1018 CVE-2004-1019 CVE-2005-2700
---------------------------------------------------------------------

1. Summary:

Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available for Stronghold 4.0 for Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1) - i386

3. Problem description:

Several security issues have been found in various packages in Stronghold
4.0:

bugzilla | 20 Dec 17:41 2004

[RHSA-2004:653-01] Stronghold 4: New release fixes Apache and mod_ssl issues


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Stronghold 4: New release fixes Apache and mod_ssl issues
Advisory ID:       RHSA-2004:653-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-653.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Stronghold Cross Platform
CVE Names:         CAN-2004-0940 CAN-2003-0987 CAN-2004-0885
---------------------------------------------------------------------

1. Summary:

Updated versions of cross-platform Stronghold that fix security issues in
mod_ssl and the Apache HTTP Server are now available.

2. Problem description:

Stronghold 4 contains a number of open source technologies, including
mod_ssl and the Apache HTTP Server.

A buffer overflow in the get_tag function in mod_include for Apache 1.3.x
to 1.3.32 allows local users who can create SSI documents to execute
arbitrary code as the apache user via SSI (XSSI) documents that trigger a
length calculation error.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0940 to this issue.

mod_digest does not properly verify the nonce of a client response by using

Red Hat | 14 Oct 19:35 2004

End of life for Red Hat Stronghold

Dear Red Hat Stronghold user:

Red Hat Stronghold is reaching the end of its life, but that doesn't
mean you have to lose the benefits and functionality you expect from
your Red Hat subscription. Red Hat has incorporated all of Stronghold's
web server capabilities into later versions of Enterprise Linux. And
with Red Hat's Application Server, you can retain all of Stronghold's
application server functionality.  

What Are Your Options?

Stronghold for Red Hat Enterprise Linux AS 2.1
Red Hat will continue to support existing customers running Stronghold
for Enterprise Linux AS 2.1. To ensure you remain eligible to receive
maintenance and support, keep your Enterprise Linux subscription active
by renewing it each year.  

Stronghold for Unix
Red Hat will continue to support existing customers running Stronghold
for Unix until December 31, 2005. You can renew your Stronghold
subscription until December 31, 2004.

How can I maintain the functionality of Stronghold? 
Since other Red Hat solutions include the capabilities of Stronghold,
you can keep the functionality you need as your technology evolves.

- If you have an active Enterprise Linux 2.1 subscription, upgrade to a
  more recent release (at no fee - this is one of the benefits of an
  active subscription) and purchase a subscription to the Red Hat
  Application Server.  

bugzilla | 23 Jul 11:29 2004

[RHSA-2004:405-02] Stronghold 4: New release fixes Apache, mod_ssl, and PHP issues


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Stronghold 4: New release fixes Apache, mod_ssl, and PHP issues
Advisory ID:       RHSA-2004:405-02
Issue date:        2004-07-23
Updated on:        2004-07-23
Product:           Stronghold Cross Platform
Keywords:          Apache DoS PHP memory_limit mod_ssl
CVE Names:         CAN-2004-0174 CAN-2004-0488 CAN-2004-0594 CAN-2004-0595 CAN-2004-0700
---------------------------------------------------------------------

1. Summary:

Updated versions of cross-platform Stronghold that fix security issues in
mod_ssl, PHP, and the Apache HTTP Server are now available.

2. Problem description:

Stronghold 4 contains a number of open source technologies, including
PHP, mod_ssl and the Apache HTTP Server.

Stefan Esser discovered a flaw when the memory_limit configuration setting
was enabled in PHP 4 versions prior to 4.3.8. If a remote attacker could
force the PHP interpreter to allocate more memory than the memory_limit
setting before script execution begins, then the attacker may be able to
supply the contents of a PHP hash table remotely. This hash table could
then be used to execute arbitrary code as the 'apache' user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name

bugzilla | 17 Mar 18:22 2004

[RHSA-2004:139-01] Stronghold 4: New release fixes OpenSSL and Apache issues


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Stronghold 4: New release fixes OpenSSL and Apache issues
Advisory ID:       RHSA-2004:139-01
Issue date:        2004-03-17
Updated on:        2004-03-17
Product:           Stronghold Cross Platform
Keywords:          Stronghold
Cross references:  
Obsoletes:         RHSA-2003:290
CVE Names:         CAN-2003-0542 CAN-2003-0851 CAN-2004-0079 CAN-2004-0081
---------------------------------------------------------------------

1. Topic:

Updated versions of Stronghold 4 cross-platform are available that fix
security issues affecting OpenSSL and the Apache HTTP Server. A number
of bug fixes are also included.

2. Problem description:

Stronghold 4 contains a number of open source technologies, including
OpenSSL 0.9.6 and the Apache HTTP Server.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can
lead to a denial of service attack (infinite loop). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name

