- Package name
- Advisory ID
- Affected versions
- 8.1 i586 , 8.1 i586
All versions of stunnel from 3.15 to 3.21c are vulnerable to format string bugs in the functions which implement smtp, pop, and nntp client negotiations. Using stunnel with the "-n service" option and the "-c" client mode option, a malicious server could use the format sting vulnerability to run arbitrary code as the owner of the current stunnel process. Version 3.22 is not vulnerable to this bug.
08204f11728f2c6b6152de9ebb562ac5 8.1/RPMS/stunnel-3.22-1.1mdk.i586.rpm e85fbd3435759fa7b94bb5c371738b30 8.1/SRPMS/stunnel-3.22-1.1mdk.src.rpm
3616248cce2e982035b6905252610980 ia64/8.1/RPMS/stunnel-3.22-1.1mdk.ia64.rpm e85fbd3435759fa7b94bb5c371738b30 ia64/8.1/SRPMS/stunnel-3.22-1.1mdk.src.rpm