|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : stunnel SUMMARY : File descriptor leak and SIGCHLD DoS vulnerabilities DATE : 2003-09-05 18:09:00 ID : CLA-2003:736 RELEVANT RELEASES : 7.0, 8, 9 - ------------------------------------------------------------------------- DESCRIPTION Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over a secure connection (encrypted using SSL or TLS) or to provide a secure means of connecting to services that do not natively support encryption. This update fixes two vulnerabilities that affect stunnel versions shipped with Conectiva Linux: 1. SIGCHLD Denial of Service (CAN-2002-1563)[1] Henrik Eriksson found[2] a race in the code that handles the SIGCHLD signal. This vulnerability affects stunnel when configured to listen for incoming connections (instead of being invoked by inetd) and to start a new child process to handle each new connection. A remote attacker can exploit this vulnerability to bring the tunneled service down. 2. File descriptor leak (CAN-2003-0740)[3] Steve Grubb found[4] a file descriptor leak vulnerability in versions prior to 3.26 of stunnel that allows a local attacker to hijack the stunnel server. Since this update brings a new version of stunnel (3.26), several other fixes and minor changes are included as well[5]. SOLUTION All stunnel users should upgrade. Please note that after the upgrade all instances of stunnel and all active network connections being served by it must be restarted manually. REFERENCES: 1.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1563 2.http://marc.theaimsgroup.com/?l=stunnel-users&m=103600188215117&w=2 3.http://www.securityfocus.com/archive/1/335996 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0740 5.http://www.stunnel.org/news/ UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/7.0/RPMS/stunnel-3.26-1U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/stunnel-3.26-1U70_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/stunnel-3.26-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/SRPMS/stunnel-3.26-1U80_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/stunnel-3.26-21517U90_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/stunnel-3.26-21517U90_1cl.src.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE/WPyV42jd0JmAcZARApJVAKDBhvm9bXQ8GWEDMCbE0+zPs15K9wCgkdgb gXbVi8CFgPUMfSCJ4gmADUs= =yxsa -----END PGP SIGNATURE-----