Security
Security
Stunnel was not properly verifying TLS certificates, possibly allowing an integrity/confidentiality compromise.
| Package | net-misc/stunnel on all architectures |
|---|---|
| Affected versions | < 5.58 |
| Unaffected versions | >= 5.58 |
The stunnel program is designed to work as an SSL/TLS encryption wrapper between a client and a local or remote server.
It was discovered that stunnel did not correctly verified the client certificate when options “redirect” and “verifyChain” are used.
A remote attacker could send a specially crafted certificate, possibly resulting in a breach of integrity or confidentiality.
There is no known workaround at this time.
All stunnel users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/stunnel-5.58"
Release date
May 26, 2021
Latest revision
May 26, 2021: 1
Severity
low
Exploitable
local, remote
Bugzilla entries