I have released version 5.55 of stunnel.
This release addresses a number of important Windows issues,
including security vulnerabilities.
Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
- Fixed a Windows local privilege escalation vulnerability
caused insecure OpenSSL cross-compilation defaults.
Successful exploitation requires stunnel to be deployed
as a Windows service, and user-writable C:\ folder. This
vulnerability was discovered and reported by Rich Mirch.
- OpenSSL DLLs updated to version 1.1.1c.
- Implemented a workaround for Windows hangs caused by its
inability to the monitor the same socket descriptor from
- Windows configuration (including cryptographic keys)
is now completely removed at uninstall.
- A number of testing framework fixes and improvements.