SUSE-OU-2016:1867-1: Security update for stunnel

sle-updates at sle-updates at
Mon Jul 25 07:09:33 MDT 2016

   SUSE Optional Update: Security update for stunnel

Announcement ID:    SUSE-OU-2016:1867-1
Rating:             low
References:         #961377 #987861 
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SECURITY
                    SUSE Linux Enterprise Debuginfo 11-SP4

   An update that has two optional fixes can now be installed.


   This update provides a stunnel-openssl1 package which is built against
   openssl1 to provide TLS 1.2 support. (FATE#320187 bsc#961377 FATE#319972

   The stunnel-openssl1 package can be installed additionally to the stunnel

   The upate-alternatives method can be used to select either the openssl0
   or openssl1 build, default is the openssl1 build.

   To show what is selected: update-alternatives --display stunnel

   To switch switch use:

           update-alternatives --set stunnel /usr/sbin/stunnel.openssl0

           update-alternatives --set stunnel /usr/sbin/stunnel.openssl1

   or to change back to automatic handling use:

           update-alternatives --auto stunnel

   Also the ECDHE default elliptic curve was changed to the prime256v1 curve.

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-stunnel-openssl1-12663=1

   - SUSE Linux Enterprise Server 11-SECURITY:

      zypper in -t patch secsp3-stunnel-openssl1-12663=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-stunnel-openssl1-12663=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):


   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):


   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):



More information about the sle-updates mailing list