* [SECURITY] stunnel 5.55-1
@ 2019-06-13 16:37 Andrew Schulman
0 siblings, 0 replies; only message in thread
From: Andrew Schulman @ 2019-06-13 16:37 UTC (permalink / raw)
To: cygwin-announce
stunnel 5.55-1 is now available in Cygwin. This release includes the
following security fixes:
* Fixed a Windows local privilege escalation vulnerability caused insecure
OpenSSL cross-compilation defaults. Successful exploitation requires
stunnel to be deployed as a Windows service, and user-writable C:\ folder.
This vulnerability was discovered and reported by Rich Mirch.
* OpenSSL DLLs updated to version 1.1.1c.
If you have stunnel installed, you should update to this release right
away. Please see the upstream changelog[1] for the full list of fixes and
improvements since the previous Cygwin release, 5.50-1.
stunnel is a program that allows you to encrypt arbitrary TCP connections
inside TLS (Transport Layer Security, the successor to Secure Sockets Layer
(SSL)). stunnel can allow you to secure non-TLS-aware daemons and
protocols (like POP, IMAP, LDAP, etc) by having stunnel provide the
encryption, requiring no changes to the daemon's code.
Andrew E. Schulman
[1]https://www.stunnel.org/ChangeLog.md.html
*******************************************************************
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
cygwin-announce-unsubscribe-you=yourdomain.com_at_cygwin.com
If you need more information on unsubscribing, start reading here:
http://cygwin.com/lists.html#subscribe-unsubscribe
Please read *all* of the information on unsubscribing that is available
starting at this URL.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-06-13 16:37 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-13 16:37 [SECURITY] stunnel 5.55-1 Andrew Schulman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).