
MGASA-2013-0097

Date: March 16th, 2013
Affected releases: 2
Media: Core


Description:
Updated stunnel packages fix a security vulnerability:

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM
authentication are enabled, does not correctly perform integer conversion,
which allows remote proxy servers to execute arbitrary code via a crafted
request that triggers a buffer overflow (CVE-2013-1762).
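
The exposure conditions in the description can be checked mechanically. The following Python sketch is an added example, not part of the advisory or of stunnel: it reports the services in a stunnel configuration that combine `protocol = connect` with `protocolAuthentication = ntlm`, and only when the installed version lies in the affected 4.21 through 4.54 range. The configuration text is a constructed sample; treating option names as case-insensitive and global options as per-service defaults are assumptions of this example.

```python
import re

# Affected range as stated in the advisory: stunnel 4.21 through 4.54.
AFFECTED_MIN, AFFECTED_MAX = (4, 21), (4, 54)

# Constructed sample stunnel.conf (hosts and service names are made up).
SAMPLE_CONF = """\
client = yes
[imaps-via-proxy]
accept = 127.0.0.1:1143
connect = proxy.example.net:8080
protocol = connect
protocolHost = imap.example.org:993
protocolAuthentication = NTLM
[smtps]
connect = mail.example.org:465
"""

def version_affected(version):
    """True if a version such as '4.54' or '4.55-1.mga2' lies in 4.21-4.54."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    return AFFECTED_MIN <= (int(m.group(1)), int(m.group(2))) <= AFFECTED_MAX

def ntlm_connect_services(conf_text):
    """Names of services that set protocol=connect and protocolAuthentication=ntlm."""
    defaults, services, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # skip blanks and comment lines
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            services[current] = dict(defaults)  # assumption: globals act as defaults
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = defaults if current is None else services[current]
            target[key.strip().lower()] = value.strip().lower()
    if not services and defaults:
        services["(global)"] = defaults  # config with no [service] sections
    return [name for name, opts in services.items()
            if opts.get("protocol") == "connect"
            and opts.get("protocolauthentication") == "ntlm"]

def exposed_services(version, conf_text):
    """Services meeting both advisory conditions, or [] if the version is outside the range."""
    return ntlm_connect_services(conf_text) if version_affected(version) else []
```
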

Updated Packages:
i586:
stunnel-4.55-1.mga2.i586.rpm
stunnel-debug-4.55-1.mga2.i586.rpm

x86_64:
stunnel-4.55-1.mga2.x86_64.rpm
stunnel-debug-4.55-1.mga2.x86_64.rpm

SRPMS:
stunnel-4.55-1.mga2.src.rpm

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762
https://www.stunnel.org/CVE-2013-1762.html
https://bugs.mageia.org/show_bug.cgi?id=9312