openssl security update for Stronghold

A new Stronghold 4 release is available which contains an updated fix for
the OpenSSL ASN1 vulnerability.

OpenSSL is a commercial-grade, full-featured, open source toolkit which
implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols, as well as a full-strength general purpose
cryptography library.

The OpenSSL group found an issue in the patch that was released to fix the
previous vulnerability in the ASN.1 routines (RHSA-2002-164,
CAN-2002-0659). The previous patch did not completely eliminate the
initial vulnerability and could lead to Denial of Service (DoS) attacks
against a server. It has not been verified if this issue could lead to
further consequences, such as remote code execution.

We have backported the security fixes for the versions of OpenSSL
and mm included in Stronghold 4. The fixed packages are now available via
the update agent service; run

$ bin/agent

from the Stronghold 4 install root to upgrade an existing Stronghold 4
installation to the new package versions. After upgrading Stronghold, the
server must be completely restarted by running the following commands from
the install root:

$ bin/stop-server
$ bin/start-server

For more information on how to upgrade between releases of Stronghold 4,
see http://stronghold.redhat.com/support/upgrade-sh4

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0659

OpenSSL