drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in stunnel
Name: |
Mangelnde Rechteprüfung in stunnel |
|
ID: |
DSA-3299-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian jessie, Debian stretch |
|
Datum: |
Do, 2. Juli 2015, 19:21 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3644 |
|
Applikationen: |
stunnel |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3299-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2015 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : stunnel4 CVE ID : CVE-2015-3644 Debian Bug : 785352
Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as an universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with "verify = 2" or higher, then only the initial connection is redirected to the hosts specified with "redirect". This allows a remote attacker to bypass authentication.
For the stable distribution (jessie), this problem has been fixed in version 3:5.06-2+deb8u1.
For the testing distribution (stretch), this problem has been fixed in version 3:5.18-1.
For the unstable distribution (sid), this problem has been fixed in version 3:5.18-1.
We recommend that you upgrade your stunnel4 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVlVtTAAoJEAVMuPMTQ89Ez4wP/1HBhk0TceEkAqzpxWukyK5W i2L4/QNbh2xCAKAXn/6YcgiNjeec0CDkXx9xsXMKG8jiUEobxdXMISznOIt0OZTN a8QleldQYD+lTaLxCoXYkTZEefuvkDYEETQdLEql7D5T1QW6UQ5RTnDX+7BO7uNS uNsqeKye5FeoNRZznbndjfGkh/Xyk0CzPv9my5FreTzneq9XxrrnoMHsYDNCIeFB hxuaPDnaEejcXYaA2T0FtDW9nG3BVEcnlxl9/Ryj2js+LVRc03gIsiQFgP6hhgB8 Jx9bz9OErGs8uR272nQJuV60qCMGDMhtNhVngQtfc1JwwwQ4vmv1W0nsvT03LdNP VaLYTT+8NQRY8WVzOswJhC+6zVt6XF5aoOhxyW0Q1bFHi6Hb5rDM01DCkZLYnUvX 1McJel3NySZxf4ckZ8HGOCsYDcoMd+gczrmhfd29iGT0+M5Yx/vyY0Eb7XX8aCLA Maszd/pUBkY5BRyl8+flFwRVO0ma7zVi29z7f7679XZ9Hc+r77OROStbk8SJe/ec dzOPTG4SzzBvgpbdChtjX6B/nDJMl63H5vovG/dVkMxna+iE6eOjwFFZQ2dfP3UM 64tJvHHRn0v49kU2xDrZDxmoDcT4HhSB+9bABh24u9IR9JpaSIruxx3OZhluuYP4 /XxtShKrQNCApKgc7pjR =jN0q -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/E1ZAgip-0001NQ-OW@master.debian.org
|
|
|
|