SUSE SLES15 Security Update : stunnel (SUSE-SU-2021:0194-1)

high Nessus Plugin ID 145352

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This update for stunnel fixes the following issues:

Security issue fixed:

The 'redirect' option was fixed to properly handle 'verifyChain = yes' (bsc#1177580).

Non-security issues fixed:

Fix startup problem of the stunnel daemon (bsc#1178533)

Update to 5.57:

- Security bugfixes

- New features

  - New securityLevel configuration file option.

  - Support for modern PostgreSQL clients.

  - TLS 1.3 configuration updated for better compatibility.

- Bugfixes

  - Fixed a transfer() loop bug.

  - Fixed memory leaks on configuration reloading errors.

  - DH/ECDH initialization restored for client sections.

  - Delay startup with systemd until network is online.

  - A number of testing framework fixes and improvements.

Update to 5.56:

- Various text files converted to Markdown format.

- Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris.

- Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn).

- Retry unsuccessful port binding on configuration file reload.

- Thread safety fixes in SSL_SESSION object handling.

- Terminate clients on exit in the FORK threading model.

Fixup stunnel.conf handling:

- Remove old static openSUSE provided stunnel.conf.

- Use upstream stunnel.conf and tailor it for openSUSE using sed.

- Don't show README.openSUSE when installing.

Enable /etc/stunnel/conf.d

Re-enable openssl.cnf

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively, you can run the command listed for your product:

SUSE Linux Enterprise Module for Server Applications 15-SP2:

zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-194=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1177580

https://bugzilla.suse.com/show_bug.cgi?id=1178533

http://www.nessus.org/u?4e86c234

Plugin Details

Severity: High

ID: 145352

File Name: suse_SU-2021-0194-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/25/2021

Updated: 1/25/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:stunnel-debugsource, p-cpe:/a:novell:suse_linux:stunnel, p-cpe:/a:novell:suse_linux:stunnel-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/22/2021

Vulnerability Publication Date: 1/22/2021