Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2420 to the following vulnerability: The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates. References: http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html http://www.securityfocus.com/bid/29309 http://www.frsirt.com/english/advisories/2008/1569 http://secunia.com/advisories/30335 http://xforce.iss.net/xforce/xfdb/42528
This issue does not affect versions of stunnel as shipped in Red Hat Enterprise Linux 2.1, 3, 4 and 5. Support for OCSP protocol was only implemented in version 4.16, all Red Hat Enterprise Linux versions ship older stunnel versions, which do not support OCSP protocol. http://stunnel.mirt.net/ChangeLog_sdf.html Version 4.16, 2006.08.31, urgency: MEDIUM: * New features sponsored by Hewlett-Packard [ ... ] o OCSP support: ocsp = <URL>
stunnel-4.24-0.fc7 has been submitted as an update for Fedora 7
stunnel-4.24-0.fc8 has been submitted as an update for Fedora 8
stunnel-4.24-1.fc9 has been submitted as an update for Fedora 9
stunnel-4.24-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
stunnel-4.24-0.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
stunnel-4.24-0.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 307284 [details] Error report when applying stunnel update
(In reply to comment #8) > Error report when applying stunnel update Raymond, if you believe your problem is really caused by stunnel update, please open a separate bug report against specific Fedora version with further details. Your screenshot does not provide enough information and there's no suggestion there that the problem is caused by stunnel. Thanks!
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-4606 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-4579 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-4531