Package name
stunnel
Date
2013-04-10
Advisory ID
MDVSA-2013:130
Affected versions
MBS1 x86_64

Problem description

Updated stunnel packages fix a security vulnerability:

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and
NTLM authentication are enabled, does not correctly perform integer
conversion, which allows remote proxy servers to execute arbitrary code
via a crafted request that triggers a buffer overflow (CVE-2013-1762).

The updated packages also fix the following:

- move library subpackages back into main stunnel package
- add a systemd unit file (partially fixing Bug 3951)
- fix issues with stunnel.conf and stunnel.pem when stunnel runs
  in a chroot environment

Updated packages

MBS1 x86_64

 1eb5c58851d2856d80c28978b6df0516  mbs1/x86_64/stunnel-4.55-1.mbs1.x86_64.rpm 
 e0e0026642bcceda874cdd2009d98dc1  mbs1/SRPMS/stunnel-4.55-1.mbs1.src.rpm

References