Mandriva Linux Security Advisory : stunnel (MDVSA-2008:168)
Medium Nessus Plugin ID 38063
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was found in the OCSP search functionality in stunnel that could allow a remote attacker to use a revoked certificate that would be successfully authenticated by stunnel (CVE-2008-2420). This flaw only concerns users who have enabled OCSP validation in stunnel.
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.