Opened 5 years ago

Closed 5 years ago

#12139 closed enhancement (fixed)

stunnel-5.55

Reported by: Douglas R. Reno Owned by: Bruce Dubbs
Priority: normal Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Bruce Dubbs)

New minor version

Version 5.55, 2019.06.10, urgency: HIGH

    Security bugfixes
       -  Fixed a Windows local privilege escalation vulnerability caused 
          insecure OpenSSL cross-compilation defaults. Successful exploitation
          requires stunnel to be deployed as a Windows service, and user-
          writable C:\ folder.  
       -  OpenSSL DLLs updated to version 1.1.1c.

    Bugfixes
       -  Implemented a workaround for Windows hangs caused by its inability
          to monitor the same socket descriptor from multiple threads.
       -  Windows configuration (including cryptographic keys) is now 
          completely removed at uninstall.
       -  A number of testing framework fixes and improvements.

Change History (4)

comment:1 by Bruce Dubbs, 5 years ago

Milestone: 8.59.0

Milestone renamed

comment:2 by Bruce Dubbs, 5 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:3 by Bruce Dubbs, 5 years ago

Description: modified (diff)

comment:4 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 21793.

Note: See TracTickets for help on using tickets.