Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3299-1] stunnel4 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3299-1] stunnel4 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3299-1] stunnel4 security update
  • Date: Thu, 02 Jul 2015 15:48:19 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 2 Jul 2015 15:48:37 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <S9F6Ybae2GF.A.BrC.V1VlVB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3299-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : stunnel4
CVE ID : CVE-2015-3644
Debian Bug : 785352

Johan Olofsson discovered an authentication bypass vulnerability in
Stunnel, a program designed to work as an universal SSL tunnel for
network daemons. When Stunnel in server mode is used with the redirect
option and certificate-based authentication is enabled with "verify = 2"
or higher, then only the initial connection is redirected to the hosts
specified with "redirect". This allows a remote attacker to bypass
authentication.

For the stable distribution (jessie), this problem has been fixed in
version 3:5.06-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 3:5.18-1.

For the unstable distribution (sid), this problem has been fixed in
version 3:5.18-1.

We recommend that you upgrade your stunnel4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVlVtTAAoJEAVMuPMTQ89Ez4wP/1HBhk0TceEkAqzpxWukyK5W
i2L4/QNbh2xCAKAXn/6YcgiNjeec0CDkXx9xsXMKG8jiUEobxdXMISznOIt0OZTN
a8QleldQYD+lTaLxCoXYkTZEefuvkDYEETQdLEql7D5T1QW6UQ5RTnDX+7BO7uNS
uNsqeKye5FeoNRZznbndjfGkh/Xyk0CzPv9my5FreTzneq9XxrrnoMHsYDNCIeFB
hxuaPDnaEejcXYaA2T0FtDW9nG3BVEcnlxl9/Ryj2js+LVRc03gIsiQFgP6hhgB8
Jx9bz9OErGs8uR272nQJuV60qCMGDMhtNhVngQtfc1JwwwQ4vmv1W0nsvT03LdNP
VaLYTT+8NQRY8WVzOswJhC+6zVt6XF5aoOhxyW0Q1bFHi6Hb5rDM01DCkZLYnUvX
1McJel3NySZxf4ckZ8HGOCsYDcoMd+gczrmhfd29iGT0+M5Yx/vyY0Eb7XX8aCLA
Maszd/pUBkY5BRyl8+flFwRVO0ma7zVi29z7f7679XZ9Hc+r77OROStbk8SJe/ec
dzOPTG4SzzBvgpbdChtjX6B/nDJMl63H5vovG/dVkMxna+iE6eOjwFFZQ2dfP3UM
64tJvHHRn0v49kU2xDrZDxmoDcT4HhSB+9bABh24u9IR9JpaSIruxx3OZhluuYP4
/XxtShKrQNCApKgc7pjR
=jN0q
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: E1ZAgip-0001NQ-OW AT master.debian.org">https://lists.debian.org/E1ZAgip-0001NQ-OW AT master.debian.org



  • [IT-SecNots] [SECURITY] [DSA 3299-1] stunnel4 security update, Salvatore Bonaccorso, 02.07.2015

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang