Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.23239
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.23239
<patchinfo incident="23239"> <issue tracker="jsc" id="SLE-20679"/> <issue tracker="bnc" id="1182529">VUL-0: stunnel: Security problem in redirect option for unauthenticated requests</issue> <issue tracker="bnc" id="1181400">AUDIT-TASK: Evaluate systemd hardenings and get more services to use them</issue> <packager>pmonrealgonzalez</packager> <rating>important</rating> <category>security</category> <summary>Security update for stunnel</summary> <description>This update for stunnel fixes the following issues: Update to 5.62 including new features and bugfixes: * Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests (bsc#1182529). - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service (bsc#1181400). * New features - Added new "protocol = capwin" and "protocol = capwinctrl" configuration file options. - Added support for the new SSL_set_options() values. - Added a bash completion script. - New 'sessionResume' service-level option to allow or disallow session resumption - Download fresh ca-certs.pem for each new release. - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. - Client-side "protocol = ldap" support * Bugfixes - Fixed a transfer() loop bug. - Fixed reloading configuration with "systemctl reload stunnel.service". - Fixed incorrect messages logged for OpenSSL errors. - Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols. - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling. - Fixed engine initialization. - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. - Fix configuration reload when compression is used - Fix test suite fixed not to require external connectivity </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
