- Package name
- Advisory ID
- Affected versions
- MBS1 x86_64
Updated stunnel packages fix security vulnerability:
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and
NTLM authentication are enabled, does not correctly perform integer
conversion, which allows remote proxy servers to execute arbitrary code
via a crafted request that triggers a buffer overflow (CVE-2013-1762).
The updated packages also fixes the following:
- move library subpackages back into main stunnel package
- add a systemd unit file (partially fixing Bug 3951)
- fix issues with stunnel.conf and stunnel.pem, with stunnel running
in a chroot environment.
1eb5c58851d2856d80c28978b6df0516 mbs1/x86_64/stunnel-4.55-1.mbs1.x86_64.rpm e0e0026642bcceda874cdd2009d98dc1 mbs1/SRPMS/stunnel-4.55-1.mbs1.src.rpm