Security
Security
A vulnerability was found in stunnel, allowing remote attackers to cause a Denial of Service and potentially arbitrary code execution.
| Package | net-misc/stunnel on all architectures |
|---|---|
| Affected versions | < 4.44 |
| Unaffected versions | >= 4.44 < 4 |
The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server.
An unspecified heap vulnerability was discovered in stunnel.
The vulnerability may possibly be leveraged to perform remote code execution or a Denial of Service attack.
There is no known workaround at this time.
All stunnel 4.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.44"
Release date
February 29, 2012
Latest revision
July 30, 2012: 2
Severity
normal
Exploitable
remote
Bugzilla entries