Mandriva Linux Security Advisory : stunnel (MDVSA-2013:130)
Medium Nessus Plugin ID 66142
Synopsis
The remote Mandriva Linux host is missing a security update.
Description
Updated stunnel packages fix a security vulnerability:
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow (CVE-2013-1762).
The updated packages also fix the following:
- move library subpackages back into main stunnel package
- add a systemd unit file (partially fixing Bug 3951)
- fix issues with stunnel.conf and stunnel.pem, with stunnel running in a chroot environment.
Solution
Update the affected stunnel package.