Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 8 Apr 2013 19:31:47 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: stunnel on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: stunnel security update Issue Date: 2013-04-08 CVE Numbers: CVE-2013-1762 -- An integer conversion issue was found in stunnel when using Microsoft NT LAN Manager (NTLM) authentication with the HTTP CONNECT tunneling method. With this configuration, and using stunnel in SSL client mode on a 64-bit system, an attacker could possibly execute arbitrary code with the privileges of the stunnel process via a man-in-the-middle attack or by tricking a user into using a malicious proxy. (CVE-2013-1762) -- SL6 x86_64 stunnel-4.29-3.el6_4.x86_64.rpm stunnel-debuginfo-4.29-3.el6_4.x86_64.rpm i386 stunnel-4.29-3.el6_4.i686.rpm stunnel-debuginfo-4.29-3.el6_4.i686.rpm - Scientific Linux Development Team