Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0109)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2022.0109

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2022-0109)

Zusammenfassung: The remote host is missing an update for the 'stunnel' package(s) announced via the MGASA-2022-0109 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'stunnel' package(s) announced via the MGASA-2022-0109 advisory.

Vulnerability Insight:
Update to 5.62 including new features and bugfixes:
Security bugfixes
- The 'redirect' option was fixed to properly handle unauthenticated
requests (bsc#1182529).
- Fixed a double free with OpenSSL older than 1.1.0.
- Added hardening to systemd service (bsc#1181400).
New features
- Added new 'protocol = capwin' and 'protocol = capwinctrl'
configuration file options.
- Added support for the new SSL_set_options() values.
- Added a bash completion script.
- New 'sessionResume' service-level option to allow or disallow
session resumption
- Download fresh ca-certs.pem for each new release.
- New 'protocolHeader' service-level option to insert custom 'connect'
protocol negotiation headers. This feature can be used to
impersonate other software (e.g. web browsers).
- 'protocolHost' can also be used to control the client SMTP protocol
negotiation HELO/EHLO value.
- Initial FIPS 3.0 support.
- Client-side 'protocol = ldap' support
Bugfixes
- Fixed a transfer() loop bug.
- Fixed reloading configuration with 'systemctl reload
stunnel.service'.
- Fixed incorrect messages logged for OpenSSL errors.
- Fixed 'redirect' with 'protocol'. This combination is not supported
by 'smtp', 'pop3' and 'imap' protocols.
- X.509v3 extensions required by modern versions of OpenSSL are added
to generated self-signed test certificates.
- Fixed a tiny memory leak in configuration file reload error handling.
- Fixed engine initialization.
- FIPS TLS feature is reported when a provider or container is
available, and not when FIPS control API is available.
- Fix configuration reload when compression is used
- Fix test suite fixed not to require external connectivity

Affected Software/OS:
'stunnel' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0109
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0109)
Zusammenfassung:	The remote host is missing an update for the 'stunnel' package(s) announced via the MGASA-2022-0109 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'stunnel' package(s) announced via the MGASA-2022-0109 advisory. Vulnerability Insight: Update to 5.62 including new features and bugfixes: Security bugfixes - The 'redirect' option was fixed to properly handle unauthenticated requests (bsc#1182529). - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service (bsc#1181400). New features - Added new 'protocol = capwin' and 'protocol = capwinctrl' configuration file options. - Added support for the new SSL_set_options() values. - Added a bash completion script. - New 'sessionResume' service-level option to allow or disallow session resumption - Download fresh ca-certs.pem for each new release. - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. - Client-side 'protocol = ldap' support Bugfixes - Fixed a transfer() loop bug. - Fixed reloading configuration with 'systemctl reload stunnel.service'. - Fixed incorrect messages logged for OpenSSL errors. - Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols. - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling. - Fixed engine initialization. - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. - Fix configuration reload when compression is used - Fix test suite fixed not to require external connectivity Affected Software/OS: 'stunnel' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2022 Greenbone AG