From Mageia wiki
Revision as of 22:30, 16 March 2013 by Dmorgan (talk | contribs) (Created page with "== MGASA-2013-0097 == {| |'''Date:''' |March 16rd, 2013 |- |'''Affected releases:''' |2 |- |'''Media:''' |Core |} '''Description:'''<br/> Updated stunnel packages fix security...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

MGASA-2013-0097

Date: March 16rd, 2013
Affected releases: 2
Media: Core


Description:
Updated stunnel packages fix security vulnerability:

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM
authentication are enabled, does not correctly perform integer conversion,
which allows remote proxy servers to execute arbitrary code via a crafted
request that triggers a buffer overflow (CVE-2013-1762).

Updated Packages:
i586:
stunnel-4.55-1.mga2.i586.rpm
stunnel-debug-4.55-1.mga2.i586.rpm

x86_64:
stunnel-4.55-1.mga2.x86_64.rpm
stunnel-debug-4.55-1.mga2.x86_64.rpm

SRPMS:
stunnel-4.55-1.mga2.src.rpm

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762
https://www.stunnel.org/CVE-2013-1762.html
https://bugs.mageia.org/show_bug.cgi?id=9312