[stunnel-users] Bleedingheart Bug in OpenSSL

Kevin A. McGrail KMcGrail at PCCC.com
Thu Apr 10 12:58:31 CEST 2014

Replacing openssl and the certs should be an effective patch.  You can always check by running ldd against the stunnel binary to confirm it is linking to a specific SSL library.

There is also some consideration that you must assume systems were compromised and snooped and change all passwords as well...

Koenraad Lelong <stunnel at ace-electronics.be> wrote:

>op 10-04-14 12:15, Koenraad Lelong schreef:
>> op 08-04-14 16:58, Burak Say schreef:
>>> Hello,
>>> When do you think you can release a patch to use OpenSSL 1.0.1g
>>> of 1.0.1f?
>> Hi,
>> I would like to know if I'm safe when I installed the latest
>> openssl-libraries comming from ubuntu (for 12.04LTS). Or do I need to
>> update stunnel also ? The ubuntu package for the latest stunnel seems
>> unavailable right now.
>> Regards,
>> Koenraad.
>I just thought of looking in the package-manager. This says stunnel 
>depends on libssl1.0.0 (installed 1.0.1-4ubuntu5.12) and on openssl 
>(installed 1.0.1-4ubuntu5.12).
>So I presume I can generate new certificates.
>stunnel-users mailing list
>stunnel-users at stunnel.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20140410/c0d911f9/attachment.html>

More information about the stunnel-users mailing list