Mangelnde Prüfung von Zertifikaten in stunnel
ID: | RHSA-2021:0619-01 |
Distribution: | Red Hat |
Plattformen: | Red Hat Enterprise Linux |
Datum: | Mo, 22. Februar 2021, 22:08 |
Referenzen: | https://access.redhat.com/security/cve/CVE-2021-20230 |
Applikationen: | stunnel |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: stunnel security update Advisory ID: RHSA-2021:0619-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0619 Issue date: 2021-02-22 CVE Names: CVE-2021-20230 ===================================================================== 1. Summary: An update for stunnel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection (encrypted using SSL or TLS) or to provide an encrypted means of connecting to services that do not natively support encryption. Security Fix(es): * stunnel: client certificate not correctly verified when redirect and verifyChain options are used (CVE-2021-20230) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1925226 - CVE-2021-20230 stunnel: client certificate not correctly verified when redirect and verifyChain options are used 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: stunnel-5.48-6.el8_2.src.rpm aarch64: stunnel-5.48-6.el8_2.aarch64.rpm stunnel-debuginfo-5.48-6.el8_2.aarch64.rpm stunnel-debugsource-5.48-6.el8_2.aarch64.rpm ppc64le: stunnel-5.48-6.el8_2.ppc64le.rpm stunnel-debuginfo-5.48-6.el8_2.ppc64le.rpm stunnel-debugsource-5.48-6.el8_2.ppc64le.rpm s390x: stunnel-5.48-6.el8_2.s390x.rpm stunnel-debuginfo-5.48-6.el8_2.s390x.rpm stunnel-debugsource-5.48-6.el8_2.s390x.rpm x86_64: stunnel-5.48-6.el8_2.x86_64.rpm stunnel-debuginfo-5.48-6.el8_2.x86_64.rpm stunnel-debugsource-5.48-6.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-20230 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is |