Article ID: 2563, created on Oct 29, 2007, last review on Apr 18, 2012

  • Applies to:
  • Pro Control Panel Linux

AdditionalInformation

View Knowledge
Knowledge ID 1712
Product : WEBppliance for Linux
Version : 3.1.10
Topic : FAQ

Title
Security Patch : WEBppliance Pro for Linux 3.1.10 (LS)

Summary
Security Patch : WEBppliance Pro for Linux 3.1.10 (LS)

Prevention


Details
WEBppliance 3.1.10 LS

WEBppliance 3.1.10 provides a security patch that resolves the OpenSSL vulnerability
that allows a potential timing-based attack and a modified Bleichenbacher attack.
It also fixes one high priority bug.

Compatibility 

This Patch requires WEBppliance 3.1.9 to be installed on your server.

NOTE : This patch will not install on any other version of WEBppliance other than 3.1.9

Security patch for OpenSSL Vulnerability

  1. OpenSSL vulnerability that allows a potential timing-based attack and a modified
    Bleichenbacher attack. 

    The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a 
    allow remote attackers to perform an unauthorized RSA private key operation via 
    a modified Bleichenbacher attack that uses a large number of SSL or TLS connections 
    using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the 
    relationship between ciphertext and the associated plaintext, aka the 
    "Klima-Pokorny-Rosa attack." 

    Advisory details for the security patch are available at the following URL: 
    http://rhn.redhat.com/errata/RHSA-2003-101.html 

Other Resolved Issues :

  • After upgrading the existing WEBppliance 3.1.x server, domain preview using 
    http://servername/domainname/ was broken. This problem is corrected in 
    WEBppliance 3.1.10. 

Installation instructions 

Download site:  (be sure to downloadusing BINARY mode)
http://download.swsoft.com/ensim/download/webppliance/linux/patches/3.1.10/

To install the patch, please follow the instructions below: 

  1. Download the file LS-3.1.10-1.tar.gz
  2. Uncompress the file:
    tar -xvzf LS-3.1.10-1.tar.gz
  3. Change the current directory to the directory where you have uncompressed the file:
    cd LS-3.1.10-1 
  4. Run the following command 
    # sh ./patch-install-3.1.10-1.sh 
    The install script verifies the current installation of WEBppliance to ensure that it complies with the patch requirements and then upgrades the required RPMs (requires root access).

    This install script will automatically restart httpd (apache) and webppliance services.

Attachments


Related Knowledge

Related Links
 
Last ModifiedUsageSatisfiedLast Used
8/20/2004 12:34:29 PM26 10/11/2007 6:52:15 AM

4cc899da08664637a8bc437308d3ddd7 3ccb419cf98083f3bb45808fba8dbc7c 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF