[stunnel-users] OpenSSL Vulnerabilities

Rodrigo Gallardo rodrigo at debian.org
Tue Apr 7 20:11:20 CEST 2009

On Tue, Apr 07, 2009 at 01:19:17PM -0400, Cal Webster wrote:
> Will there be a security update of stunnel to address vulnerabilities
> outlined in CVE-2009-0590, CVE-2009-0591, and CVE-2009-0789? 
> Alternatively, will stunnel use updated OpenSSL libraries on the host?
> It appears that this is true on Fedora RPM packages.

This is true in any *nix system.

> However, I don't know how to determine whether the same dependency works
> with Win32 dll's.

This *should* work, as that is pretty much the whole point of shared
libraries. I have no actual knowledge of windows DLLs, though, so
there might be some obscure reason why it does not. I would recommend
you trace (somehow) exactly what on-disk DLLs stunnel is loading and
make sure your update replaces those.

More information about the stunnel-users mailing list