===========================================================================
AUSCERT Security Bulletin

ASB-2014.0071
Multiple OpenSSL vulnerabilities have been identified within stunnel.
13 June 2014

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              stunnel
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Provide Misleading Information  -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-3470 CVE-2014-0224 CVE-2014-0221
                      CVE-2014-0198 CVE-2014-0195 CVE-2014-0076
                      CVE-2010-5298
Member content until: Sunday, July 13 2014

OVERVIEW

Multiple OpenSSL vulnerabilities have been identified within stunnel. [1]

IMPACT

The vendor has provided the following details regarding these
vulnerabilities:

"OpenSSL DLLs updated to version 1.0.1h.
See http://www.openssl.org/news/secadv_20140605.txt" [1, 2]

Details about these vulnerabilities can also be found within our ESB. [3]

MITIGATION

The vendor recommends upgrading to the latest version of stunnel. [1]

REFERENCES

[1] stunnel: ChangeLog
    https://www.stunnel.org/sdf_ChangeLog.html

[2] OpenSSL Security Advisory [05 Jun 2014]
    https://www.auscert.org.au/19818

[3] ESB-2014.0887 - ALERT [Win][UNIX/Linux] OpenSSL: Multiple
    vulnerabilities
    https://www.auscert.org.au/19818

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================