Security update for stunnel
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2015:1062-1
Final
1
1
2015-05-27T12:15:01Z
current
2015-05-27T12:15:01Z
2015-05-27T12:15:01Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for stunnel
This update fixes an authentication bypass when using the 'redirect' option (CVE-2015-3644, bsc#931517, backport from v5.17).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-SERVER-12-2015-268
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2015/suse-su-20151062-1/
Link for SUSE-SU-2015:1062-1
https://lists.suse.com/pipermail/sle-security-updates/2015-June/001439.html
E-Mail link for SUSE-SU-2015:1062-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/931517
SUSE Bug 931517
https://www.suse.com/security/cve/CVE-2015-3644/
SUSE CVE CVE-2015-3644 page
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
stunnel-5.00-3.1
stunnel-5.00-3.1 as a component of SUSE Linux Enterprise Server 12
stunnel-5.00-3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.
CVE-2015-3644
SUSE Linux Enterprise Server 12:stunnel-5.00-3.1
SUSE Linux Enterprise Server for SAP Applications 12:stunnel-5.00-3.1
moderate
6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151062-1/
https://www.suse.com/security/cve/CVE-2015-3644.html
CVE-2015-3644
https://bugzilla.suse.com/1177580
SUSE Bug 1177580
https://bugzilla.suse.com/931517
SUSE Bug 931517