stunnel 5.55 released

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

stunnel 5.55 released

OpenSSL - User mailing list
Dear Users,

I have released version 5.55 of stunnel.
This release addresses a number of important Windows issues, including security vulnerabilities.

Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
  - Fixed a Windows local privilege escalation vulnerability
    caused insecure OpenSSL cross-compilation defaults.
    Successful exploitation requires stunnel to be deployed
    as a Windows service, and user-writable C:\ folder. This
    vulnerability was discovered and reported by Rich Mirch.
  - OpenSSL DLLs updated to version 1.1.1c.
* Bugfixes
  - Implemented a workaround for Windows hangs caused by its
    inability to the monitor the same socket descriptor from
    multiple threads.
  - Windows configuration (including cryptographic keys)
    is now completely removed at uninstall.
  - A number of testing framework fixes and improvements.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
90de69f41c58342549e74c82503555a6426961b29af3ed92f878192727074c62  stunnel-5.55.tar.gz
e586b68da9e4faedf41cbcc8378402d7b188bb25b1f0f3cd1f2ce68620ef9e29  stunnel-5.55-win64-installer.exe
7af80d424986149629aad7d75710400f58ba259042c58557adf743627b5c8e3c  stunnel-5.55-android.zip

Best regards,
    Mike


signature.asc (849 bytes) Download Attachment