Bug 30185

Summary: stunnel new security issue fixed upstream in 5.58
Product: Mageia
Component: Security
Status: RESOLVED FIXED
Severity: major
Priority: Normal
Version: 8
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA8-64-OK
Source RPM: stunnel-5.57-1.mga8.src.rpm
CVE:
Status comment:
Reporter: David Walser <luigiwalser>
Assignee: QA Team <qa-bugs>
QA Contact: Sec team <security>
CC: davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs
Keywords: advisory, validated_update

Description David Walser 2022-03-17 23:20:18 CET
SUSE has issued an advisory on March 16:
https://lists.suse.com/pipermail/sle-security-updates/2022-March/010458.html
Comment 2 Lewis Smith 2022-03-18 08:31:39 CET
Different people maintain this, so having to assign it globally.

Assignee: bugsquad => pkg-bugs

Comment 3 Nicolas Salguero 2022-03-18 10:41:13 CET
Suggested advisory:
========================

The updated package fixes a security vulnerability.

References:
https://lists.suse.com/pipermail/sle-security-updates/2022-March/010458.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SF6GP7Y7QBDPSDEMYQPWKSOXKRHILQVP/
========================

Updated package in core/updates_testing:
========================
stunnel-5.63-1.mga8

from SRPM:
stunnel-5.63-1.mga8.src.rpm

Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero

Thomas Backlund 2022-03-20 11:29:58 CET

Version: Cauldron => 8

Comment 4 Herman Viaene 2022-03-21 11:48:13 CET
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues
Looking at previous updates ref to bug 12943 Comment 8. Trying to follow rather blindly.
Notice there are 2 executables now: stunnel and stunnel3
Did following changes to /etc/stunnel/stunnel.conf
Inserted line
fips = no
Uncommented the https section line and uncommented and changed the 'accept' port it listens on to 4443 from 443.
The stunnel command gave an awful lot of feedback, and the ps and netstat commands returned blank.
Tried
# stunnel3
[ ] Initializing inetd mode configuration
[ ] Clients allowed=500
[.] stunnel 5.63 on x86_64-mageia-linux-gnu platform
[.] Compiled with OpenSSL 1.1.1n  15 Mar 2022
[.] Running  with OpenSSL 1.1.1m  14 Dec 2021
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
[ ] errno: (*__errno_location ())
[ ] Initializing inetd mode configuration
[.] Reading configuration from descriptor 3
[.] FIPS mode disabled
[ ] Compression enabled: 0 methods
[ ] No PRNG seeding was required
[!] Inetd mode: TLS server needs a certificate
[!] Configuration failed
[ ] Deallocating temporary section defaults

And that does not look good.

CC: (none) => herman.viaene

Comment 5 Dave Hodgins 2022-03-21 18:18:36 CET
The stunnel3 command also fails with "Configuration failed" for me, however
that is not a regression.

It is working with /etc/stunnel/stunnel.conf having ...
[nntps]
client=yes
connect=news.eternal-september.org:563
cert=/etc/pki/tls/certs/stunnel.pem
accept=564
TIMEOUTconnect=60

I'm using leafnode to get nntps with ...
# grep -v -e ^'#' -e ^$ /etc/leafnode/config
expire = 20
server = localhost
port = 564
username = dwhodgins
password = munged
timeout = 300
timeout_fetchnews = 300
initialfetch = 500
nodesc = 1
maxage = 5
filterfile = /etc/leafnode/filters
debugmode = 0
create_all_links = 0
allow_8bit_headers = 1
article_despite_filter = 1
noxover = 1

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
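A small stunnel.conf sanity checker, added here as an example; it is not code from this bug thread, from Mageia or from stunnel. It reads a constructed config that combines the client-mode [nntps] section from Comment 5 with a server-mode [https] section on port 4443 like the one uncommented in Comment 4, and reports the conditions that make stunnel refuse to start: a server section (no "client = yes") without "cert =", which is the "TLS server needs a certificate" failure in Comment 4, and a config with no service sections, which puts stunnel in inetd mode as stunnel3 does. The INI-like format rules and the privileged-port check are assumptions stated in the code, not something the thread spells out.

```python
"""stunnel.conf sanity checker.

Added example, not code from stunnel or from Mageia.  Assumed format:
INI-like, global options before the first [section], one "key = value"
per line, ';' or '#' comments.  Each [section] is a server unless it
sets "client = yes"; a server section needs "cert =", otherwise stunnel
aborts with "TLS server needs a certificate" (the error in Comment 4).
"""
import re

# Constructed sample: the client [nntps] section from Comment 5 plus a
# server [https] section on port 4443 with no certificate configured.
SAMPLE_CONF = """\
fips = no

[nntps]
client=yes
connect=news.eternal-september.org:563
cert=/etc/pki/tls/certs/stunnel.pem
accept=564
TIMEOUTconnect=60

[https]
accept = 4443
connect = 80
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")


def parse_conf(text):
    """Return (global_opts, sections); option names are lower-cased."""
    global_opts, sections = {}, {}
    current = global_opts
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), {})
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected 'key = value': {raw!r}")
        key, _, value = line.partition("=")
        current[key.strip().lower()] = value.strip()
    return global_opts, sections


def accept_port(value):
    """'443', 'host:443' or '[::1]:443' -> 443."""
    return int(value.rsplit(":", 1)[-1])


def is_server(opts):
    """A section is a TLS server unless it says client = yes."""
    return opts.get("client", "no").lower() != "yes"


def check_conf(text):
    """Return a list of problems; an empty list means stunnel should start."""
    global_opts, sections = parse_conf(text)
    problems = []
    if not sections:
        # No [section]: stunnel takes its socket from stdin (inetd mode),
        # which is how stunnel3 runs it; the global options then describe
        # that single service and the certificate rule still applies.
        problems.append("no service sections: inetd mode")
        if is_server(global_opts) and "cert" not in global_opts:
            problems.append("[inetd] TLS server needs a certificate (cert=)")
        return problems
    for name, opts in sections.items():
        if "accept" not in opts:
            problems.append(f"[{name}] missing accept")
        elif accept_port(opts["accept"]) < 1024:
            # Assumption about deployment: binding a port below 1024 needs
            # root, which is why Comment 4 moved https from 443 to 4443.
            problems.append(f"[{name}] accept port below 1024 needs root")
        if "connect" not in opts and "exec" not in opts:
            problems.append(f"[{name}] missing connect (or exec)")
        if is_server(opts) and "cert" not in opts:
            problems.append(f"[{name}] TLS server needs a certificate (cert=)")
    return problems


if __name__ == "__main__":
    for p in check_conf(SAMPLE_CONF) or ["OK"]:
        print(p)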

Dave Hodgins 2022-03-21 19:29:08 CET

Keywords: (none) => advisory

Comment 6 Mageia Robot 2022-03-21 21:19:59 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0109.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED