[stunnel-users] OpenSSL Vulnerabilities
rodrigo at debian.org
Tue Apr 7 20:11:20 CEST 2009
On Tue, Apr 07, 2009 at 01:19:17PM -0400, Cal Webster wrote:
> Will there be a security update of stunnel to address vulnerabilities
> outlined in CVE-2009-0590, CVE-2009-0591, and CVE-2009-0789?
> Alternatively, will stunnel use updated OpenSSL libraries on the host?
> It appears that this is true on Fedora RPM packages.
This is true in any *nix system.
> However, I don't know how to determine whether the same dependency works
> with Win32 dll's.
This *should* work, as that is pretty much the whole point of shared
libraries. I have no actual knowledge of windows DLLs, though, so
there might be some obscure reason why it does not. I would recommend
you trace (somehow) exactly what on-disk DLLs stunnel is loading and
make sure your update replaces those.
More information about the stunnel-users