Bug 732069

Summary: stunnel: heap corruption flaw in 4.4x leads to remote DoS and possible code execution [fedora-rawhide]
Product: [Fedora] Fedora Reporter: Vincent Danen <vdanen>
Component: stunnelAssignee: Avesh Agarwal <avagarwa>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 16CC: avagarwa, sgrubb
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: stunnel-4.42-1.fc16 Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-25 18:29:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 732068    

Description Vincent Danen 2011-08-19 17:06:24 UTC
fedora-rawhide tracking bug for stunnel: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.

[bug automatically created by: add-tracking-bugs]

Comment 1 Vincent Danen 2011-08-19 17:07:26 UTC
This is applicable to both F16 and rawhide, but to ensure F16 gets this fix, I'm flipping the version to 16.

Comment 2 Avesh Agarwal 2011-08-25 18:29:32 UTC
Closing it as the latest release of stunnel has been built in F16/F17.

Comment 3 Fedora Update System 2011-08-30 16:02:29 UTC
stunnel-4.42-1.fc16 has been submitted as an update for Fedora 16.

Comment 4 Fedora Update System 2011-10-05 17:35:36 UTC
stunnel-4.42-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.