[stunnel-announce] stunnel 4.55 released (security update)
Michal.Trojnara at mirt.net
Sun Mar 3 20:46:00 CET 2013
I have released version 4.55 of stunnel. This is a massive bugfix
release, including a security bugfix. Update is highly recommended.
The ChangeLog entry:
Version 4.55, 2013.03.03, urgency: HIGH:
* Security bugfix
- OpenSSL updated to version 1.0.1e in Win32/Android builds.
- Buffer overflow vulnerability fixed in the NTLM authentication
of the CONNECT protocol negotiation.
See https://www.stunnel.org/CVE-2013-1762.html for details.
* New features
- SNI wildcard matching in server mode.
- Terminal version of stunnel (tstunnel.exe) build for Win32.
- Fixed write half-close handling in the transfer() function (thx to
- Fixed EAGAIN error handling in the transfer() function (thx to
- Restored default signal handlers before execvp() (thx to Michael
- Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
- Fixed a file descriptor leak during configuration file reload (thx
to Arthur Mesh).
- Closed SSL sockets were removed from the the transfer() c->fds poll.
- Minor fix in handling exotic inetd-mode configurations.
- WCE compilation fixes.
- IPv6 compilation fix in protocol.c.
- Windows installer fixes.
Home page: https://www.stunnel.org/
SHA-256 hash for stunnel-4.55.tar.gz:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 196 bytes
Desc: OpenPGP digital signature
More information about the stunnel-announce