Security Advisory: apache, openssl, php security update for Stronghold

Advisory: RHSA-2003:104-07
Type: Security Advisory
Severity: Important
Issued on: 2003-03-18
Last updated on: 2003-03-18
Affected Products:
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-1376, CVE-2003-0020, CVE-2003-0078, CVE-2003-0083

Details

Updated versions of Stronghold 3.0 are available to fix a number of
vulnerabilities in OpenSSL, Apache, and PHP.

Stronghold 3.0 contains a number of open source technologies such as
OpenSSL, Apache, and PHP. The following paragraphs describe a number of
issues that have been found in versions of these projects.

In a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin
Vuagnoux describe and demonstrate a timing-based attack on CBC ciphersuites
in SSL and TLS. An active attacker may be able to use timing observations
to distinguish between two different error cases: cipher padding errors and
MAC verification errors. Over multiple connections this can leak
sufficient information to be able to retrieve the plain text of a common,
fixed block. In order for an attack to be successful an attacker must be
able to act as a man-in-the-middle to intercept and modify multiple
connections which all involve a common fixed plain text block (such as a
password), and have good network conditions that allow small changes in
timing to be reliably observed.

The SSL timing attack announced recently by David Brumley and Dan Boneh
is not fixed by this erratum; this new issue will be addressed by a
future erratum release.

The Apache Web server does not prevent escape sequences from being written
to log files. This could allow an attacker to embed arbitrary escape
sequences into log files. A recent paper by HD Moore highlighted
several issues where common terminal emulator software (such as xterm) can
be remotely abused or exploited by displaying arbitrary escape sequences.
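Until the updated build is installed, existing log files can be checked and viewed safely by rendering control characters as visible text before they reach a terminal. The following is an added example, not part of the advisory or of Stronghold; the function names and the sample log entries are constructed for illustration.

```python
import re
import sys

# C0 control characters except TAB, plus DEL and the C1 range
# (0x80-0x9f, which includes the 8-bit CSI introducer 0x9b).
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def neutralize(line):
    """Return line with every control character shown as a literal \\xNN."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), line)


def scan(lines):
    """Yield (line_number, safe_text) for each entry containing control characters."""
    for number, raw in enumerate(lines, start=1):
        entry = raw.rstrip("\n")
        if CONTROL.search(entry):
            yield number, neutralize(entry)


def scan_file(path):
    """Scan a log file. latin-1 maps every byte to one code point, so no byte
    is dropped or altered by decoding. Raw UTF-8 bytes in a request can fall in
    0x80-0x9f and will be flagged too; review those hits by hand."""
    with open(path, encoding="latin-1", newline="\n") as handle:
        return list(scan(handle))


# Constructed access_log entries: one clean, one with a 7-bit colour
# sequence, one with an 8-bit CSI byte in the request line.
SAMPLE = [
    '192.0.2.10 - - [18/Mar/2003:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043\n',
    '192.0.2.77 - - [18/Mar/2003:10:00:05 +0000] "GET /\x1b[31mred\x1b[0m HTTP/1.0" 404 210\n',
    '192.0.2.77 - - [18/Mar/2003:10:00:09 +0000] "GET /a\x9b2Jb HTTP/1.0" 404 210\n',
]

if __name__ == "__main__":
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else list(scan(SAMPLE))
    for number, safe in hits:
        print("line %d: %s" % (number, safe))
    sys.exit(1 if hits else 0)
```

The exit status is non-zero when any entry is flagged, so the script can be run from a scheduled job against the access and error logs.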

The MySQL client library (libmysqlclient) used in the PHP MySQL extension
in PHP versions earlier than 4.3.0 does not properly verify length fields
for certain responses in the read_rows or read_one_row routines, which
allows a malicious server to cause a denial of service and possibly execute
arbitrary code.

Stronghold 3.0 contains OpenSSL 0.9.6b, Apache 1.3.22, and PHP
4.1.2 and is, therefore, vulnerable to these issues. Users of Stronghold are
advised to update to the errata versions of Stronghold 3.0 which contain
backported security fixes and are not vulnerable to these issues.


Solution

We have backported the security fixes for the versions of OpenSSL, Apache,
and PHP included in Stronghold 3. Stronghold 3.0 build code 3021, which
includes these fixes, is now available and can be downloaded from
http://stronghold.redhat.com/sh3/

For information on how to upgrade between releases of Stronghold 3.0, see
http://stronghold.redhat.com/support/upgrade-sh3.xml

Keywords

Apache, escape, log, MySQL, OpenSSL, PHP, timing


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/