Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0109)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0109

Category: Mageia Linux Local Security Checks

Title: Mageia: Security Advisory (MGASA-2022-0109)

Summary: The remote host is missing an update for the 'stunnel' package(s) announced via the MGASA-2022-0109 advisory.

Description: Summary:
The remote host is missing an update for the 'stunnel' package(s) announced via the MGASA-2022-0109 advisory.

Vulnerability Insight:
Update to 5.62 including new features and bugfixes:
Security bugfixes
- The 'redirect' option was fixed to properly handle unauthenticated
requests (bsc#1182529).
- Fixed a double free with OpenSSL older than 1.1.0.
- Added hardening to systemd service (bsc#1181400).
New features
- Added new 'protocol = capwin' and 'protocol = capwinctrl'
configuration file options.
- Added support for the new SSL_set_options() values.
- Added a bash completion script.
- New 'sessionResume' service-level option to allow or disallow
session resumption
- Download fresh ca-certs.pem for each new release.
- New 'protocolHeader' service-level option to insert custom 'connect'
protocol negotiation headers. This feature can be used to
impersonate other software (e.g. web browsers).
- 'protocolHost' can also be used to control the client SMTP protocol
negotiation HELO/EHLO value.
- Initial FIPS 3.0 support.
- Client-side 'protocol = ldap' support
Bugfixes
- Fixed a transfer() loop bug.
- Fixed reloading configuration with 'systemctl reload
stunnel.service'.
- Fixed incorrect messages logged for OpenSSL errors.
- Fixed 'redirect' with 'protocol'. This combination is not supported
by 'smtp', 'pop3' and 'imap' protocols.
- X.509v3 extensions required by modern versions of OpenSSL are added
to generated self-signed test certificates.
- Fixed a tiny memory leak in configuration file reload error handling.
- Fixed engine initialization.
- FIPS TLS feature is reported when a provider or container is
available, and not when FIPS control API is available.
- Fix configuration reload when compression is used
- Fix test suite fixed not to require external connectivity

Affected Software/OS:
'stunnel' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.10.2022.0109
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2022-0109)
Summary:	The remote host is missing an update for the 'stunnel' package(s) announced via the MGASA-2022-0109 advisory.
Description:	Summary: The remote host is missing an update for the 'stunnel' package(s) announced via the MGASA-2022-0109 advisory. Vulnerability Insight: Update to 5.62 including new features and bugfixes: Security bugfixes - The 'redirect' option was fixed to properly handle unauthenticated requests (bsc#1182529). - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service (bsc#1181400). New features - Added new 'protocol = capwin' and 'protocol = capwinctrl' configuration file options. - Added support for the new SSL_set_options() values. - Added a bash completion script. - New 'sessionResume' service-level option to allow or disallow session resumption - Download fresh ca-certs.pem for each new release. - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. - Client-side 'protocol = ldap' support Bugfixes - Fixed a transfer() loop bug. - Fixed reloading configuration with 'systemctl reload stunnel.service'. - Fixed incorrect messages logged for OpenSSL errors. - Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols. - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling. - Fixed engine initialization. - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. - Fix configuration reload when compression is used - Fix test suite fixed not to require external connectivity Affected Software/OS: 'stunnel' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2022 Greenbone AG