From Mageia wiki
MGASA-2013-0097
Date: March 16th, 2013
Affected releases: 2
Media: Core
Description:
Updated stunnel packages fix security vulnerability:
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM
authentication are enabled, does not correctly perform integer conversion,
which allows remote proxy servers to execute arbitrary code via a crafted
request that triggers a buffer overflow (CVE-2013-1762).
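As an added example (not part of the Mageia advisory or of stunnel itself), the following Python script checks whether a host matches the conditions described above: an stunnel version in the 4.21 to 4.54 range and a service configured for CONNECT negotiation with NTLM authentication. It assumes stunnel's `protocol` and `protocolAuthentication` configuration options, which the advisory does not name; the sample configuration and its host names are constructed.

```python
import re

AFFECTED_MIN, AFFECTED_MAX = (4, 21), (4, 54)  # range stated in the advisory

def version_affected(version):
    """True if a stunnel version string such as '4.54' is in the affected range."""
    m = re.match(r"(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return AFFECTED_MIN <= (int(m.group(1)), int(m.group(2))) <= AFFECTED_MAX

def exposed_services(conf_text):
    """Names of services that combine protocol=connect with NTLM authentication."""
    defaults, services, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            services[current] = dict(defaults)   # inherit options set before any section
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        target = defaults if current is None else services[current]
        target[key.strip().lower()] = value.strip().lower()
    if not services:                             # inetd-style file without [sections]
        services["(global)"] = defaults
    return sorted(name for name, opts in services.items()
                  if opts.get("protocol") == "connect"
                  and opts.get("protocolauthentication") == "ntlm")

def advisory_applies(version, conf_text):
    """Services exposed to CVE-2013-1762, or [] if the installed version is fixed."""
    return exposed_services(conf_text) if version_affected(version) else []

# Constructed sample configuration (not from the advisory).
SAMPLE_CONF = """\
; outbound tunnel through a corporate proxy
client = yes

[mail-via-proxy]
accept = 127.0.0.1:2525
connect = proxy.example.internal:3128
protocol = connect
protocolAuthentication = NTLM

[imaps]
accept = 127.0.0.1:1143
connect = imap.example.org:993
"""
```

Pass the installed package version (for example from `rpm -q stunnel`) and the contents of the stunnel configuration file to `advisory_applies`; an empty list means either the fixed 4.55 package is installed or no service uses the affected combination.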
Updated Packages:
i586:
stunnel-4.55-1.mga2.i586.rpm
stunnel-debug-4.55-1.mga2.i586.rpm
x86_64:
stunnel-4.55-1.mga2.x86_64.rpm
stunnel-debug-4.55-1.mga2.x86_64.rpm
SRPMS:
stunnel-4.55-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762
https://www.stunnel.org/CVE-2013-1762.html
https://bugs.mageia.org/show_bug.cgi?id=9312