Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Scientific Linux: CVE-2013-1762 Moderate Stunnel Security Advisory

Scientific Large Esm H446
Moderate: stunnel security update
Date: Mon, 8 Apr 2013 19:31:47 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: stunnel on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: stunnel security update
Issue Date: 2013-04-08
CVE Numbers: CVE-2013-1762
--

An integer conversion issue was found in stunnel when using Microsoft NT
LAN Manager (NTLM) authentication with the HTTP CONNECT tunneling method.
With this configuration, and using stunnel in SSL client mode on a 64-bit
system, an attacker could possibly execute arbitrary code with the
privileges of the stunnel process via a man-in-the-middle attack or by
tricking a user into using a malicious proxy. (CVE-2013-1762)
--

SL6
 x86_64
 stunnel-4.29-3.el6_4.x86_64.rpm
 stunnel-debuginfo-4.29-3.el6_4.x86_64.rpm
 i386
 stunnel-4.29-3.el6_4.i686.rpm
 stunnel-debuginfo-4.29-3.el6_4.i686.rpm

- Scientific Linux Development Team