8 matches found
SUSE-SU-2022:0872-1 Security update for stunnel
This update for stunnel fixes the following issues: Update to 5.62 including new features and bugfixes: Security bugfixes - The 'redirect' option was fixed to properly handle unauthenticated requests (bsc#1182529). - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd...
stunnel < 5.14 Authentication Bypass Vulnerability
The version of stunnel installed on the remote host is prior to version 5.14. It is, therefore, affected by a vulnerability related to the handling of authentication failures that involve the 'redirect' option. In this case, only the initial connection is forwarded to the hosts specified with...
stunnel < 5.03 OpenSSL Multiple Vulnerabilities
The version of stunnel installed on the remote host is prior to version 5.03. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library: - A memory double-free error exists related to handling DTLS packets that allows denial of service attacks. (CVE-2014-3505) - An...
CVE-2013-1762
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...
CVE-2011-2940
stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors...
CVE-2002-1563
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter...
CVE-2002-1563
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter...
CVE-2001-0060
Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username...