Red Hat Bugzilla – Bug 732068
CVE-2011-2940 stunnel: heap corruption flaw in 4.4x leads to remote DoS and possible code execution
Last modified: 2015-08-24 11:41:04 EDT
Stunnel 4.42 fixes a heap corruption vulnerability that may be exploited to possibly perform a remote DoS or remote code execution . The upstream changelog indicates that only 4.40 and 4.41 are affected.
Fedora 16 has a candidate build of 4.41, which would introduce this flaw; it should be updated to 4.42 immediately.
Created stunnel tracking bugs for this issue
Affects: fedora-rawhide [bug 732069]
This was assigned the name CVE-2011-2940.
Not vulnerable. This issue did not affect the versions of stunnel as shipped with Red Hat Enterprise Linux 4, 5, or 6.