SUSE-SU-2021:0194-1: moderate: Security update for stunnel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Jan 22 10:16:19 MST 2021
SUSE Security Update: Security update for stunnel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:0194-1
Rating: moderate
References: #1177580 #1178533
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for stunnel fixes the following issues:
Security issue fixed:
- The "redirect" option was fixed to properly handle "verifyChain = yes"
(bsc#1177580).
Non-security issues fixed:
- Fix startup problem of the stunnel daemon (bsc#1178533)
- update to 5.57:
* Security bugfixes
* New features
- New securityLevel configuration file option.
- Support for modern PostgreSQL clients
- TLS 1.3 configuration updated for better compatibility.
* Bugfixes
- Fixed a transfer() loop bug.
- Fixed memory leaks on configuration reloading errors.
- DH/ECDH initialization restored for client sections.
- Delay startup with systemd until network is online.
- A number of testing framework fixes and improvements.
- update to 5.56:
- Various text files converted to Markdown format.
- Support for realpath(3) implementations incompatible with
POSIX.1-2008, such as 4.4BSD or Solaris.
- Support for engines without PRNG seeding methods (thx to Petr
Mikhalitsyn).
- Retry unsuccessful port binding on configuration file reload.
- Thread safety fixes in SSL_SESSION object handling.
- Terminate clients on exit in the FORK threading model.
- Fixup stunnel.conf handling:
* Remove old static openSUSE provided stunnel.conf.
* Use upstream stunnel.conf and tailor it for openSUSE using sed.
* Don't show README.openSUSE when installing.
- enable /etc/stunnel/conf.d
- re-enable openssl.cnf
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Server Applications 15-SP2:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-194=1
Package List:
- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
stunnel-5.57-3.5.1
stunnel-debuginfo-5.57-3.5.1
stunnel-debugsource-5.57-3.5.1
References:
https://bugzilla.suse.com/1177580
https://bugzilla.suse.com/1178533
More information about the sle-security-updates
mailing list