Bug 3302 - [UPDATE REQUEST] [UPSTREAM UPDATE] stunnel
Status: RESOLVED INVALID
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
Reported: 2013-12-02 19:05 MSK by Andrew Lukoshko
Modified: 2014-01-21 19:04 MSK
vladimir.potapov: qa_verified-

Description Andrew Lukoshko 2013-12-02 19:05:15 MSK
An integer conversion issue was found in stunnel when using Microsoft NT
LAN Manager (NTLM) authentication with the HTTP CONNECT tunneling method.
With this configuration, and using stunnel in SSL client mode on a 64-bit
system, an attacker could possibly execute arbitrary code with the
privileges of the stunnel process via a man-in-the-middle attack or by
tricking a user into using a malicious proxy. (CVE-2013-1762)

http://rhn.redhat.com/errata/RHBA-2013-1742.html

https://abf.rosalinux.ru/build_lists/1451995
https://abf.rosalinux.ru/build_lists/1451996
Comment 1 Vladimir Potapov 2013-12-10 15:46:46 MSK
Please, up the version (or package send to repo without qa?)
************************
QA Denied