=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: stunnel security update
Advisory ID:       RHSA-2021:0618-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0618
Issue date:        2021-02-22
CVE Names:         CVE-2021-20230
=====================================================================

1. Summary:

An update for stunnel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Stunnel is a wrapper for network connections. It can be used to tunnel an
unencrypted network connection over an encrypted connection (encrypted
using SSL or TLS) or to provide an encrypted means of connecting to
services that do not natively support encryption.

Security Fix(es):

* stunnel: client certificate not correctly verified when redirect and
verifyChain options are used (CVE-2021-20230)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1925226 - CVE-2021-20230 stunnel: client certificate not correctly verified when redirect and verifyChain options are used

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
stunnel-5.56-5.el8_3.src.rpm

aarch64:
stunnel-5.56-5.el8_3.aarch64.rpm
stunnel-debuginfo-5.56-5.el8_3.aarch64.rpm
stunnel-debugsource-5.56-5.el8_3.aarch64.rpm

ppc64le:
stunnel-5.56-5.el8_3.ppc64le.rpm
stunnel-debuginfo-5.56-5.el8_3.ppc64le.rpm
stunnel-debugsource-5.56-5.el8_3.ppc64le.rpm

s390x:
stunnel-5.56-5.el8_3.s390x.rpm
stunnel-debuginfo-5.56-5.el8_3.s390x.rpm
stunnel-debugsource-5.56-5.el8_3.s390x.rpm

x86_64:
stunnel-5.56-5.el8_3.x86_64.rpm
stunnel-debuginfo-5.56-5.el8_3.x86_64.rpm
stunnel-debugsource-5.56-5.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-20230
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
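
Added example, not part of the Red Hat advisory: a Python check that lists which services in a stunnel configuration combine `redirect` with `verifyChain = yes`, the option pair named in CVE-2021-20230, so those hosts can be prioritised for the update. The sample configuration is constructed, and the parsing rules (`;`/`#` comment lines, options before the first `[section]` acting as service defaults, case-insensitive option names) are assumptions about the stunnel file format.

```python
import re

# Constructed sample stunnel.conf for illustration; not taken from the advisory.
SAMPLE_CONF = """\
; constructed sample
pid = /run/stunnel.pid

[mail-proxy]
accept = 993
connect = 127.0.0.1:143
verifyChain = yes
CAfile = /etc/pki/tls/certs/ca-bundle.crt
redirect = 127.0.0.1:8143

[web]
accept = 443
connect = 127.0.0.1:8080
cert = /etc/stunnel/web.pem

[db]
accept = 5433
connect = 127.0.0.1:5432
verifyChain = yes
"""

def parse_services(text):
    """Return {service: {option: value}}; pre-section options are inherited (assumption)."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:                           # new service starts from the defaults
            current = services.setdefault(section.group(1), dict(defaults))
            continue
        name, sep, value = line.partition("=")
        if sep:
            target = defaults if current is None else current
            target[name.strip().lower()] = value.strip()
    return services

def affected_services(text):
    """Services that set redirect while verifyChain is enabled."""
    return sorted(
        name for name, opts in parse_services(text).items()
        if "redirect" in opts and opts.get("verifychain", "no").lower() == "yes"
    )

if __name__ == "__main__":
    for svc in affected_services(SAMPLE_CONF):
        print(f"review service [{svc}]: redirect + verifyChain = yes")
```

A non-empty result on a host still running a stunnel package older than the ones in section 6 marks it as a candidate for the update first.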