Synopsis:          Moderate: stunnel security update
Issue Date:        2013-04-08
CVE Numbers:       CVE-2013-1762
--

An integer conversion issue was found in stunnel when using Microsoft NT
LAN Manager (NTLM) authentication with the HTTP CONNECT tunneling method.
With this configuration, and using stunnel in SSL client mode on a 64-bit
system, an attacker could possibly execute arbitrary code with the
privileges of the stunnel process via a man-in-the-middle attack or by
tricking a user into using a malicious proxy. (CVE-2013-1762)
--

SL6
  x86_64
    stunnel-4.29-3.el6_4.x86_64.rpm
    stunnel-debuginfo-4.29-3.el6_4.x86_64.rpm
  i386
    stunnel-4.29-3.el6_4.i686.rpm
    stunnel-debuginfo-4.29-3.el6_4.i686.rpm

- Scientific Linux Development Team