stunnel: Arbitrary code execution

2012-02-29T00:00:00
ID GLSA-201202-08
Type gentoo
Reporter Gentoo Foundation
Modified 2012-07-30T00:00:00

Background

The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server.

Description

An unspecified heap vulnerability was discovered in stunnel.

Impact

The vulnerability may be leveraged for remote code execution or a Denial of Service attack.

Workaround

There is no known workaround at this time.

Resolution

All stunnel 4.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.44"