-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: stunnel security update Advisory ID: RHSA-2021:0619-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0619 Issue date: 2021-02-22 CVE Names: CVE-2021-20230 ===================================================================== 1. Summary: An update for stunnel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection (encrypted using SSL or TLS) or to provide an encrypted means of connecting to services that do not natively support encryption. Security Fix(es): * stunnel: client certificate not correctly verified when redirect and verifyChain options are used (CVE-2021-20230) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1925226 - CVE-2021-20230 stunnel: client certificate not correctly verified when redirect and verifyChain options are used 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: stunnel-5.48-6.el8_2.src.rpm aarch64: stunnel-5.48-6.el8_2.aarch64.rpm stunnel-debuginfo-5.48-6.el8_2.aarch64.rpm stunnel-debugsource-5.48-6.el8_2.aarch64.rpm ppc64le: stunnel-5.48-6.el8_2.ppc64le.rpm stunnel-debuginfo-5.48-6.el8_2.ppc64le.rpm stunnel-debugsource-5.48-6.el8_2.ppc64le.rpm s390x: stunnel-5.48-6.el8_2.s390x.rpm stunnel-debuginfo-5.48-6.el8_2.s390x.rpm stunnel-debugsource-5.48-6.el8_2.s390x.rpm x86_64: stunnel-5.48-6.el8_2.x86_64.rpm stunnel-debuginfo-5.48-6.el8_2.x86_64.rpm stunnel-debugsource-5.48-6.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-20230 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYDOKTtzjgjWX9erEAQh5whAAniQS7NIRQLDondyaE3KhyLb/AFW/gl0a JnqYms2VscBUrGqoiA1McSHynE2TIhEBv0A4kXlzYxcq3GtICa3KtCHlVeUiVBsx KZm8sJ1XWfUPchDpvI2wAELsRdcQW+GeLaAIiiy8SW42cbqrjpesKqsmvjQk/UAd IU9o50x8qqeqbyHy2/ke0Muztj3E+Fze+JzuTdlqtNsev577n2ull1nrxJxn7Gpt 2tSDWn12UWQ+52kO1CgRXRqZxZbNhYBgVkoSypj37AfSwO0k6QrSsnzKCmbldZ5O iwU+UYsesrKwGranlu7CuOO/pxrNL50SMvQm99HAhiW/kezxqdP6Mvhy0g5XuS6j RG5IdvqISGr5sevqmancSecG8HlMqLXT+0OgIuHTkd5lD29kYiBTmPwVDtQbaDCh kQ2/Iat/+VKUY1n5CEuL5WpgTcmEyOeLw5THtoIlGMYTqvvWvvSgVqccFyviTZK1 59Dse/6Ym4dePiNFxWOKw5hAhkkDSY1A0/xFC8xQEkltr/TVSNEhnrVxnHk75Qch DbTgUQEEFgN2nDSXq0rFFGJBvg+yDJ+Hxob72z437dPtdv6x/l5Ql0h6KanxIHqj 98aHYIp9o5GBYkVlpoIYmDo8fVKkmskm0Z7YtX/B7wJvS2sm/hCSClrj23DYbCer E7LmVQcsJQw= =LTzC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce