A vulnerability was found in stunnel, allowing remote attackers to cause a Denial of Service and potentially arbitrary code execution.
|Package||net-misc/stunnel on all architectures|
|Affected versions||< 4.44|
|Unaffected versions||>= 4.44, < 4|
The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server.
An unspecified heap vulnerability was discovered in stunnel.
The vulnerability may possibly be leveraged to perform remote code execution or a Denial of Service attack.
There is no known workaround at this time.
All stunnel 4.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/stunnel-4.44"
February 29, 2012
July 30, 2012: 2