Security Patch : WEBppliance Pro for Linux 3.1.10 (LS)

Article ID: 2563 
Last Review: Oct,6 2008
Author:
Last updated by: system APPLIES TO:
  • Parallels Pro Control Panel Linux

Additional information

View Knowledge
Knowledge ID 1712
Product : WEBppliance for Linux
Version : 3.1.10
Topic : FAQ

Title
Security Patch : WEBppliance Pro for Linux 3.1.10 (LS)

Summary
Security Patch : WEBppliance Pro for Linux 3.1.10 (LS)

Prevention


Details
WEBppliance 3.1.10 LS

WEBppliance 3.1.10 provides a security patch that resolves the OpenSSL vulnerability
that allows a potential timing-based attack and a modified Bleichenbacher attack.
It also fixes one high priority bug.

Compatibility 

This Patch requires WEBppliance 3.1.9 to be installed on your server.

NOTE : This patch will not install on any other version of WEBppliance other than 3.1.9

Security patch for OpenSSL Vulnerability

  1. OpenSSL vulnerability that allows a potential timing-based attack and a modified
    Bleichenbacher attack. 

    The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a 
    allow remote attackers to perform an unauthorized RSA private key operation via 
    a modified Bleichenbacher attack that uses a large number of SSL or TLS connections 
    using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the 
    relationship between ciphertext and the associated plaintext, aka the 
    "Klima-Pokorny-Rosa attack." 

    Advisory details for the security patch are available at the following URL: 
    http://rhn.redhat.com/errata/RHSA-2003-101.html 

Other Resolved Issues :

  • After upgrading the existing WEBppliance 3.1.x server, domain preview using 
    http://servername/domainname/ was broken. This problem is corrected in 
    WEBppliance 3.1.10. 

Installation instructions 

Download site:  (be sure to downloadusing BINARY mode)
http://download.swsoft.com/ensim/download/webppliance/linux/patches/3.1.10/

To install the patch, please follow the instructions below: 

  1. Download the file LS-3.1.10-1.tar.gz
  2. Uncompress the file:
    tar -xvzf LS-3.1.10-1.tar.gz
  3. Change the current directory to the directory where you have uncompressed the file:
    cd LS-3.1.10-1 
  4. Run the following command 
    # sh ./patch-install-3.1.10-1.sh 
    The install script verifies the current installation of WEBppliance to ensure that it complies with the patch requirements and then upgrades the required RPMs (requires root access).

    This install script will automatically restart httpd (apache) and webppliance services.

Attachments


Related Knowledge

Related Links
 
Last ModifiedUsageSatisfiedLast Used
8/20/2004 12:34:29 PM26 10/11/2007 6:52:15 AM


Subscription for this article changesSubscription for this article changes

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
* - required fields