[SECURITY] Updated: stunnel-4.56-1

Andrew Schulman schulman.andrew@epamail.epa.gov
Sun Jun 30 15:36:00 GMT 2013

A new version of stunnel, 4.56-1, is available in the Cygwin distribution. This is a new upstream release, with assorted
minor updates and bug fixes, and one security fix:

* Buffer overflow vulnerability fixed in the NTLM authentication of the CONNECT protocol negotiation. See
https://www.stunnel.org/CVE-2013-1762.html for details.

You can read the upstream changelog at http://www.stunnel.org/news/.

stunnel is a program that allows you to encrypt arbitrary TCP connections
inside SSL (Secure Sockets Layer). stunnel can allow you to secure non-SSL
aware daemons and protocols (like POP, IMAP, LDAP, etc) by having stunnel
provide the encryption, requiring no changes to the daemon's code.

Andrew E. Schulman


To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.


If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:


If you need more information on unsubscribing, start reading here: 


Please read *all* of the information on unsubscribing that is available
starting at this URL.

More information about the Cygwin-announce mailing list