stunnel 5.55 released

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

stunnel 5.55 released

OpenSSL - User mailing list
Dear Users,

I have released version 5.55 of stunnel.
This release addresses a number of important Windows issues, including security vulnerabilities.

Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
  - Fixed a Windows local privilege escalation vulnerability
    caused insecure OpenSSL cross-compilation defaults.
    Successful exploitation requires stunnel to be deployed
    as a Windows service, and user-writable C:\ folder. This
    vulnerability was discovered and reported by Rich Mirch.
  - OpenSSL DLLs updated to version 1.1.1c.
* Bugfixes
  - Implemented a workaround for Windows hangs caused by its
    inability to the monitor the same socket descriptor from
    multiple threads.
  - Windows configuration (including cryptographic keys)
    is now completely removed at uninstall.
  - A number of testing framework fixes and improvements.

Home page:

SHA-256 hashes:
90de69f41c58342549e74c82503555a6426961b29af3ed92f878192727074c62  stunnel-5.55.tar.gz
e586b68da9e4faedf41cbcc8378402d7b188bb25b1f0f3cd1f2ce68620ef9e29  stunnel-5.55-win64-installer.exe

Best regards,

signature.asc (849 bytes) Download Attachment