Package: stunnel4
Version: 3:5.68-2
Severity: important
Tags: patch upstream
X-Debbugs-Cc: r...@debian.org

In versions before 5.70, stunnel4 fails to recognize a new OpenSSL 3.x error code that signals that the remote side closed the network connection without performing a proper TLS shutdown. Instead, stunnel treats this situation as an error. If there was any pending data that the stunnel service had enqueued for sending over the encrypted connection, it is discarded, so if the TLS session is later resumed, the encrypted data stream will be corrupted.

This is fixed in stunnel-5.70 by a block of code in the src/client.c file handling the SSL_R_UNEXPECTED_EOF_WHILE_READING error constant.

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldoldstable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages stunnel4 depends on:
ii  adduser                     3.134
ii  init-system-helpers         1.65.2
ii  libc6                       2.37-5
ii  libssl3                     3.0.9-1
ii  libsystemd0                 253.5-1
ii  libwrap0                    7.6.q-32
ii  netbase                     6.4
ii  openssl                     3.0.9-1
ii  perl                        5.36.0-7
ii  systemd [systemd-sysusers]  253.5-1

stunnel4 recommends no packages.

Versions of packages stunnel4 suggests:
pn  logcheck-database  <none>

-- no debconf information
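Added example, not part of the bug report and not stunnel's code: a classifier that maps the result of SSL_read() to "peer closed without close_notify" under both OpenSSL reporting styles, since OpenSSL 1.1.1 reports this event as SSL_ERROR_SYSCALL with an empty error queue and errno 0, while 3.x reports SSL_ERROR_SSL with the SSL_R_UNEXPECTED_EOF_WHILE_READING reason named above. The function name, the rd_result type and the sample inputs are assumptions made for illustration; the OpenSSL constants are redefined locally with their header values so the block compiles without the library.

```c
#include <stdio.h>

/* Values as in OpenSSL's public headers; real code includes
 * <openssl/ssl.h> and <openssl/err.h> instead of redefining them. */
enum { SSL_ERROR_NONE = 0, SSL_ERROR_SSL = 1, SSL_ERROR_WANT_READ = 2,
       SSL_ERROR_WANT_WRITE = 3, SSL_ERROR_SYSCALL = 5, SSL_ERROR_ZERO_RETURN = 6 };
enum { ERR_LIB_SSL = 20, SSL_R_UNEXPECTED_EOF_WHILE_READING = 294 };

/* Hypothetical result type for this example. */
typedef enum { RD_DATA, RD_RETRY, RD_CLEAN_CLOSE, RD_UNCLEAN_EOF, RD_FATAL } rd_result;

/*
 * ssl_error    : value of SSL_get_error(ssl, ret) after SSL_read()
 * queue_lib    : ERR_GET_LIB(ERR_peek_error()), 0 if the queue is empty
 * queue_reason : ERR_GET_REASON(ERR_peek_error()), 0 if the queue is empty
 * sys_errno    : errno saved immediately after SSL_read()
 */
rd_result classify_ssl_read(int ssl_error, int queue_lib, int queue_reason, int sys_errno)
{
    switch (ssl_error) {
    case SSL_ERROR_NONE:        return RD_DATA;
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:  return RD_RETRY;
    case SSL_ERROR_ZERO_RETURN: return RD_CLEAN_CLOSE;   /* close_notify received */
    case SSL_ERROR_SYSCALL:
        /* OpenSSL 1.1.1 style: EOF without close_notify leaves the queue empty */
        if (queue_lib == 0 && queue_reason == 0 && sys_errno == 0)
            return RD_UNCLEAN_EOF;
        return RD_FATAL;
    case SSL_ERROR_SSL:
        /* OpenSSL 3.x style: the same event is a queued SSL-library error */
        if (queue_lib == ERR_LIB_SSL && queue_reason == SSL_R_UNEXPECTED_EOF_WHILE_READING)
            return RD_UNCLEAN_EOF;
        return RD_FATAL;
    default:
        return RD_FATAL;
    }
}

int main(void)
{
    /* Constructed inputs: the 3.x and 1.1.1 forms of the same event. */
    printf("3.x   unexpected EOF -> %d\n",
           classify_ssl_read(SSL_ERROR_SSL, ERR_LIB_SSL, SSL_R_UNEXPECTED_EOF_WHILE_READING, 0));
    printf("1.1.1 unexpected EOF -> %d\n", classify_ssl_read(SSL_ERROR_SYSCALL, 0, 0, 0));
    return 0;
}
```

A caller that folds RD_UNCLEAN_EOF into RD_FATAL reproduces the behaviour reported here; keeping it distinct lets the relay decide separately how to treat a missing close_notify.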