From:	 EnGarde Secure Linux <security@guardiandigital.com>
To:	 engarde-security@guardiandigital.com
Subject: [EBA-20011130-01] 'imap' expired default certificates
Date:	 Thu, 29 Nov 2001 15:26:37 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


+------------------------------------------------------------------------+
| EnGarde Secure Linux Bug Fix Advisory                November 30, 2001 |
| http://www.engardelinux.org/                           EBA-20011130-01 |
|                                                                        |
| Package:  imap                                                         |
| Summary:  'imap' expired default certificates                          |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.


OVERVIEW
- --------
  The default certificate for the simap and spop3 services expired on
  Tuesday, November 27, 2001.  This update re-issues those certificates.


DETAIL
- ------
  The 'imap' package ships with default certificate files for the simap
  and spop3 services.  These "certificate files" are actually files that
  contain both the certificate and private key for the service.

  These default certificate files expired on Tuesday, November 27, 2001 at
  21:36:31 GMT.  Clients attempting to retrieve their email from servers
  still using the default certificate files could potentially experience
  problems if these certificate files are not updated.

  Users still running the default certificate files should upgrade to this
  latest version immediately.

  Please note that users who have generated their own certificate files do
  NOT need to apply this update.  It is only required for users who are
  still using the "default" certificate files distributed with EnGarde
  v1.0.1.  If you install this updated package it will overwrite your
  existing certificate files, be it the "default" or your own (potentially
  signed) ones.

  Guardian Digital strongly recommends that users generate their own
  certificate files.  Instructions for doing so can be found at:

    http://mail-archives.engardelinux.org/engarde-users/2001/Jun/0259.html


SOLUTION
- --------
  All users should upgrade to the most recent version as outlined in
  this advisory.

  Guardian Digital recently made available the Guardian Digital Secure
  Update, a means to proactively keep systems secure and manage 
  system software. EnGarde users can automatically update their system
  using the Guardian Digital WebTool secure interface.

  If choosing to manually upgrade this package, updates can be
  obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh <filename>

  You must now update the LIDS configuration by executing the command:

    # /usr/sbin/config_lids.pl

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signatures of the updated packages, execute the command:

    # rpm -Kv <filename>

  Once the packages are installed you must restart the simap and spop3
  services, should you already have them running, by executing the commands:

    # /etc/init.d/stunnel-imap restart
    # /etc/init.d/stunnel-pop3 restart


UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

  Source Packages:

    SRPMS/imap-2000c-1.0.20.src.rpm
      MD5 Sum:  ec34e39ad5597adba37769aae345ba5c

  Binary Packages:

    i386/imap-2000c-1.0.20.i386.rpm
      MD5 Sum:  c5d4147f21488cb360a6ce111c4feb26

    i686/imap-2000c-1.0.20.i686.rpm
      MD5 Sum:  e48901bd3412c4ef8ee8e4a89fb03644


REFERENCES
- ----------
  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  imap's Official Web Site:
    http://www.washington.edu/imap/

  Security Contact:    security@guardiandigital.com
  EnGarde Advisories:  http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: EBA-20011129-01-imap,v 1.2 2001/11/29 19:40:42 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com> 
Copyright 2001, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8BpoOHD5cqd57fu0RAmEwAJ9abVrmsubdsAf9g4QW11KVl35dkwCfcRfr
wRM1W11hsrzdQKqD9yVwuz0=
=diyP
-----END PGP SIGNATURE-----
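
Added example (not part of the original advisory or of EnGarde's tooling): a
shell check for whether a service's PEM file has expired or is about to, and
whether it bundles a private key, plus a backup helper for the overwrite case
noted under DETAIL.  The function names, the 30-day warning window and the
file paths are assumptions; the sample certificate is constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory. Needs the openssl command-line tool.

# cert_status FILE [WINDOW_SECONDS] -> expired | expiring | valid | unreadable
cert_status() {
    window=${2:-2592000}                      # default warning window: 30 days
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend "$window" >/dev/null 2>&1; then
        echo expiring
    else
        echo valid
    fi
}

# has_private_key FILE -> exit 0 if the PEM file also carries a private key
has_private_key() {
    grep -q -e 'BEGIN .*PRIVATE KEY-----' "$1"
}

# backup_pem FILE DIR -> owner-only copy of FILE in DIR, taken before
# "rpm -Uvh" overwrites locally generated certificate files
backup_pem() {
    ( umask 077; mkdir -p "$2" && cp "$1" "$2/$(basename "$1").pre-update" )
}

# make_sample_pem DIR -> constructed test input: a 1-day self-signed certificate
# and its key in one file, mimicking the combined layout the advisory describes
make_sample_pem() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=mail.example.invalid' \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    cat "$1/cert.pem" "$1/key.pem" > "$1/combined.pem"
}

# Usage: sh check_pem.sh /path/to/service.pem ...   (paths are site-specific)
if [ "$#" -gt 0 ]; then
    for pem in "$@"; do
        key=no; has_private_key "$pem" && key=yes
        end=$(openssl x509 -in "$pem" -noout -enddate 2>/dev/null) || end=notAfter=unknown
        echo "$pem: $(cert_status "$pem") $end bundled_key=$key"
    done
fi
```

A file reported as "valid" with your own subject name is one you generated
yourself; back it up with backup_pem before installing the package.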
