MDKSA-2003:108

Package name

stunnel

Date

2003-11-25

Advisory ID

MDKSA-2003:108

Affected versions

CS2.1 i586 , 9.0 i586 , CS2.1 x86_64

Problem description

A vulnerability was discovered in stunnel versions 3.24 and earlier, as well as 4.00, by Steve Grubb. It was found that stunnel leaks a critical file descriptor that can be used to hijack stunnel's services. All users are encouraged to upgrade to these packages. Note that the version of stunnel provided with Mandrake Linux 9.1 and above is not vulnerable to this problem.

Updated packages

CS2.1 i586

 77c752f98e0685dd677656e56b6a931c  corporate/2.1/RPMS/stunnel-3.26-1.1.C21mdk.i586.rpm
45596e6e50ed995cf4b18f9bd7366828  corporate/2.1/SRPMS/stunnel-3.26-1.1.C21mdk.src.rpm

9.0 i586

 6b3eec02f63aa0d7aa64fe79b62e3020  9.0/RPMS/stunnel-3.26-1.1.90mdk.i586.rpm
14afcc8f0257338107bc60e33919a465  9.0/SRPMS/stunnel-3.26-1.1.90mdk.src.rpm

CS2.1 x86_64

 f080fa4956c146a3e40dc05ae6dbefe8  x86_64/corporate/2.1/RPMS/stunnel-3.26-1.1.C21mdk.x86_64.rpm
45596e6e50ed995cf4b18f9bd7366828  x86_64/corporate/2.1/SRPMS/stunnel-3.26-1.1.C21mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0740
• http://marc.theaimsgroup.com/?l=bugtraq&m=106260760211958&w=2