SCIENTIFIC-LINUX-ERRATA Archives

April 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Mon, 8 Apr 2013 19:31:47 +0000

Synopsis:          Moderate: stunnel security update
Issue Date:        2013-04-08
CVE Numbers:       CVE-2013-1762
--

An integer conversion issue was found in stunnel when using Microsoft NT
LAN Manager (NTLM) authentication with the HTTP CONNECT tunneling method.
With this configuration, and using stunnel in SSL client mode on a 64-bit
system, an attacker could possibly execute arbitrary code with the
privileges of the stunnel process via a man-in-the-middle attack or by
tricking a user into using a malicious proxy. (CVE-2013-1762)
--

SL6
  x86_64
    stunnel-4.29-3.el6_4.x86_64.rpm
    stunnel-debuginfo-4.29-3.el6_4.x86_64.rpm
  i386
    stunnel-4.29-3.el6_4.i686.rpm
    stunnel-debuginfo-4.29-3.el6_4.i686.rpm

- Scientific Linux Development Team
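
As an added example (not part of the original advisory or of stunnel's own code), this Python script lists which services in a stunnel configuration match the setup the advisory describes: SSL client mode, the HTTP CONNECT protocol and NTLM authentication. It assumes the stunnel option names `client`, `protocol` and `protocolAuthentication`, and that options set before the first `[section]` act as defaults for every service; the sample configuration, host names and service names are constructed.

```python
import re

# Advisory's option set; assumes stunnel matches names and values case-insensitively.
AFFECTED = {"client": "yes", "protocol": "connect", "protocolauthentication": "ntlm"}

# Constructed sample configuration (hosts and service names are made up).
SAMPLE = """\
; options before the first [section] are defaults for every service
client = yes

[proxy-ntlm]
accept = 127.0.0.1:8080
connect = proxy.example.internal:3128
protocol = connect
protocolAuthentication = ntlm

[proxy-basic]
connect = proxy.example.internal:3128
protocol = connect

[inbound]
client = no
accept = 443
"""

def affected_services(conf_text):
    """Return the services that are SSL clients using CONNECT with NTLM."""
    defaults, services, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:                          # new service inherits defaults
            current = section.group(1)
            services[current] = dict(defaults)
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = defaults if current is None else services[current]
            target[key.strip().lower()] = value.strip().lower()
    if not services:                         # no sections: one inetd-style service
        services = {"<global>": defaults}
    return sorted(name for name, opts in services.items()
                  if all(opts.get(k) == v for k, v in AFFECTED.items()))

if __name__ == "__main__":
    print(affected_services(SAMPLE))
```

The advisory also limits the issue to 64-bit systems, which this check does not examine. A service it reports is only a candidate for review until the host runs the stunnel-4.29-3.el6_4 package listed above.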
