-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: stunnel security update Advisory ID: RHSA-2021:0620-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0620 Issue date: 2021-02-22 CVE Names: CVE-2021-20230 ===================================================================== 1. Summary: An update for stunnel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection (encrypted using SSL or TLS) or to provide an encrypted means of connecting to services that do not natively support encryption. Security Fix(es): * stunnel: client certificate not correctly verified when redirect and verifyChain options are used (CVE-2021-20230) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1925226 - CVE-2021-20230 stunnel: client certificate not correctly verified when redirect and verifyChain options are used 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.1): Source: stunnel-5.48-6.el8_1.src.rpm aarch64: stunnel-5.48-6.el8_1.aarch64.rpm stunnel-debuginfo-5.48-6.el8_1.aarch64.rpm stunnel-debugsource-5.48-6.el8_1.aarch64.rpm ppc64le: stunnel-5.48-6.el8_1.ppc64le.rpm stunnel-debuginfo-5.48-6.el8_1.ppc64le.rpm stunnel-debugsource-5.48-6.el8_1.ppc64le.rpm s390x: stunnel-5.48-6.el8_1.s390x.rpm stunnel-debuginfo-5.48-6.el8_1.s390x.rpm stunnel-debugsource-5.48-6.el8_1.s390x.rpm x86_64: stunnel-5.48-6.el8_1.x86_64.rpm stunnel-debuginfo-5.48-6.el8_1.x86_64.rpm stunnel-debugsource-5.48-6.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-20230 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYDOHQtzjgjWX9erEAQiX5w//fSp7muESFK0MFGna8G7hlPxBPiX3MGaT ccN+guyedREQKDkJbzcGj0IKmoajDZbiaE6DjpxqV3sUUZhI0yM3f3YHqBlLTZAa OulNwCZwOhmixUOVdm+9vG1xyPXFm7D5IiiGF8Cfkb5jheD5NhL1ZzVXVuNm2Sup 2EcR0Iv6OwRdVbJWlgYqrrKSzpCRsbssvzDM1erjqirrGx6VdYM6TB8EjXMZpqBi 5g3ajGiEKo3IJduvv6sk6lYtfr7qCU6zeZE1K3+Jn+PMurACKGQcb6UW/7IxEOY6 zaN4NWFBm0CrQSAzjqA/Cie7yK5c6RM3AGC231DjWSJwcL9gCstTTX8UGx/ci9J1 3x18RVpUJJ+6ulI2blp+oslYGVeIsuKFiF6ffUm5KNPQjQqDIHaRC3j5d6aL0LVA I16mUyVUb6xQ0hLgHZqYWBlbrWs1Pmv1mhlOfmUn+fSWBpWv8Dq6iY8zBrQXz9d5 suIna+6YhXPpvEmt57N4X59X37tNRaCm7XX8Q59gwMTYE/kdwYpzEfwd8pW3/vlQ 8TLWYpP2If/X+98XWHFvvdP8bbEWOjfAXQxs52znSNlYz0blzw/aUqfm14IqkNg8 HBnfdHxPZh/xon6GozoLhh67DT/aK/FGE3LHKbt3RQQBoBc1OYhMwLZWAPwsYt6Q /ohUy1hMz1I= =evFH -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce