From: EnGarde Secure Linux <security@guardiandigital.com> To: engarde-security@guardiandigital.com Subject: [EBA-20011130-01] 'imap' expired default certificates Date: Thu, 29 Nov 2001 15:26:37 -0500 (EST) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------+ | EnGarde Secure Linux Bug Fix Advisory November 30, 2001 | | http://www.engardelinux.org/ EBA-20011130-01 | | | | Package: imap | | Summary: 'imap' expired default certificates | +------------------------------------------------------------------------+ EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, complete e-commerce using AllCommerce, and integrated open source security tools. OVERVIEW - -------- The default certificate for the simap and spop3 services expired on Tuesday, November 27, 2001. This update re-issues those certificates. DETAIL - ------ The 'imap' package ships with default certificate files for the simap and spop3 services. These "certificate files" are actually files that contain both the certificate and private key for the service. These default certificate files expired on Tuesday, November 27 2001 at 21:36:31 GMT. Clients attempting to retrieve their email from servers still using the default certificate files could potentially experience problems if these certificate files are not updated. Those users are recommended to upgrade to this latest version immediately. Please note that users who have generated their own certificate files do NOT need to apply this update. It is only required for users who are still using the "default" certificate files distributed with EnGarde v1.0.1. If you install this updated package it will overwrite your existing certificate files, be it the "default" or your own (potentially signed) ones. Guardian Digital strongly recommends users generate their own certificates files. Instructions for doing so can be found at: http://mail-archives.engardelinux.org/engarde-users/2001/Jun/0259.html SOLUTION - -------- All users should upgrade to the most recent version as outlined in this advisory. Guardian Digital recently made available the Guardian Digital Secure Update, a means to proactively keep systems secure and manage system software. EnGarde users can automatically update their system using the Guardian Digital WebTool secure interface. If choosing to manually upgrade this package, updates can be obtained from: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ http://ftp.engardelinux.org/pub/engarde/stable/updates/ Before upgrading the package, the machine must either: a) be booted into a "standard" kernel; or b) have LIDS disabled. To disable LIDS, execute the command: # /sbin/lidsadm -S -- -LIDS_GLOBAL To install the updated package, execute the command: # rpm -Uvh <filename> You must now update the LIDS configuration by executing the command: # /usr/sbin/config_lids.pl To re-enable LIDS (if it was disabled), execute the command: # /sbin/lidsadm -S -- +LIDS_GLOBAL To verify the signatures of the updated packages, execute the command: # rpm -Kv <filename> Once the packages are installed you must restart the simap and spop3 services, should you already have them running, by executing the commands: # /etc/init.d/stunnel-imap restart # /etc/init.d/stunnel-pop3 restart UPDATED PACKAGES - ---------------- These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra). Source Packages: SRPMS/imap-2000c-1.0.20.src.rpm MD5 Sum: ec34e39ad5597adba37769aae345ba5c Binary Packages: i386/imap-2000c-1.0.20.i386.rpm MD5 Sum: c5d4147f21488cb360a6ce111c4feb26 i686/imap-2000c-1.0.20.i686.rpm MD5 Sum: e48901bd3412c4ef8ee8e4a89fb03644 REFERENCES - ---------- Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY imap's Official Web Site: http://www.washington.edu/imap/ Security Contact: security@guardiandigital.com EnGarde Advisories: http://www.engardelinux.org/advisories.html - -------------------------------------------------------------------------- $Id: EBA-20011129-01-imap,v 1.2 2001/11/29 19:40:42 rwm Exp $ - -------------------------------------------------------------------------- Author: Ryan W. Maple, <ryan@guardiandigital.com> Copyright 2001, Guardian Digital, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8BpoOHD5cqd57fu0RAmEwAJ9abVrmsubdsAf9g4QW11KVl35dkwCfcRfr wRM1W11hsrzdQKqD9yVwuz0= =diyP -----END PGP SIGNATURE----- ------------------------------------------------------------------------ To unsubscribe email engarde-security-request@engardelinux.org with "unsubscribe" in the subject of the message. Copyright(c) 2001 Guardian Digital, Inc. EnGardeLinux.org ------------------------------------------------------------------------