This is the mail archive of the
cygwin
mailing list for the Cygwin project.
[ANNOUNCEMENT] [SECURITY] stunnel 5.55-1
- From: Andrew Schulman <schulman dot andrew at epa dot gov>
- To: cygwin at cygwin dot com
- Date: Thu, 13 Jun 2019 12:36:32 -0400
- Subject: [ANNOUNCEMENT] [SECURITY] stunnel 5.55-1
- Reply-to: cygwin at cygwin dot com
stunnel 5.55-1 is now available in Cygwin. This release includes the
following security fixes:
* Fixed a Windows local privilege escalation vulnerability caused insecure
OpenSSL cross-compilation defaults. Successful exploitation requires
stunnel to be deployed as a Windows service, and user-writable C:\ folder.
This vulnerability was discovered and reported by Rich Mirch.
* OpenSSL DLLs updated to version 1.1.1c.
If you have stunnel installed, you should update to this release right
away. Please see the upstream changelog[1] for the full list of fixes and
improvements since the previous Cygwin release, 5.50-1.
stunnel is a program that allows you to encrypt arbitrary TCP connections
inside TLS (Transport Layer Security, the successor to Secure Sockets Layer
(SSL)). stunnel can allow you to secure non-TLS-aware daemons and
protocols (like POP, IMAP, LDAP, etc) by having stunnel provide the
encryption, requiring no changes to the daemon's code.
Andrew E. Schulman
[1]https://www.stunnel.org/ChangeLog.md.html
*******************************************************************
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
cygwin-announce-unsubscribe-you=yourdomain.com_at_cygwin.com
If you need more information on unsubscribing, start reading here:
http://cygwin.com/lists.html#subscribe-unsubscribe
Please read *all* of the information on unsubscribing that is available
starting at this URL.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple