-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0096
   Multiple OpenSSL vulnerabilities have been identified within stunnel
                              11 August 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              stunnel
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Access Privileged Data -- Remote/Unauthenticated
                      Denial of Service      -- Remote/Unauthenticated
                      Reduced Security       -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-5139 CVE-2014-3512 CVE-2014-3511
                      CVE-2014-3510 CVE-2014-3509 CVE-2014-3508
                      CVE-2014-3507 CVE-2014-3506 CVE-2014-3505
Member content until: Wednesday, September 10 2014
Reference:            ESB-2014.1335
                      ESB-2014.1334

OVERVIEW

        Multiple OpenSSL vulnerabilities have been identified within 
        stunnel. [1]


IMPACT

        The vendor has provided the following details regarding these 
        vulnerabilities:
        
        "OpenSSL DLLs updated to version 1.0.1i. See 
        https://www.openssl.org/news/secadv_20140806.txt" [1, 2]


MITIGATION

        The vendor recommends upgrading to the latest version of stunnel. 
        [1]


REFERENCES

        [1] stunnel change log
            https://www.stunnel.org/sdf_ChangeLog.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----