2 matches found
Fedora 9 : stunnel-4.24-1.fc9 (2008-4531)
New upstream release 4.24 fixing security issue in certificate verification via OCSP protocol: http://stunnel.mirt.net/pipermail/stunnel- announce/2008-May/000035.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...
CVE-2008-2420
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists CRL, which allows remote attackers to bypass intended access restrictions by using revoked certificates...