GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed May 26, 2021 8:26 am Post subject: [ GLSA 202105-02 ] stunnel |
 |
|
Gentoo Linux Security Advisory
Title: stunnel: Improper certificate validation (GLSA 202105-02)
Severity: low
Exploitable: local, remote
Date: 2021-05-26
Bug(s): #772146
ID: 202105-02
Synopsis
Stunnel was not properly verifying TLS certificates, possibly
allowing an integrity/confidentiality compromise.
Background
The stunnel program is designed to work as an SSL/TLS encryption wrapper
between a client and a local or remote server.
Affected Packages
Package: net-misc/stunnel
Vulnerable: < 5.58
Unaffected: >= 5.58
Architectures: All supported architectures
Description
It was discovered that stunnel did not correctly verified the client
certificate when options “redirect” and “verifyChain” are used.
Impact
A remote attacker could send a specially crafted certificate, possibly
resulting in a breach of integrity or confidentiality.
Workaround
There is no known workaround at this time.
Resolution
All stunnel users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/stunnel-5.58"
|
References
CVE-2021-20230 |
|
News & Announcements
