Steve Arnolds package for bionic from
https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1847275/comments/25
works for me.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275
Title:
Hello everyone and especially the admins of this list.
I have tried to unsubscribe from this list and I can't do it because it
asks me for the password.
I have already requested a reminder of my password but the email does not
arrive.
Please tell me the steps to follow with this.
Thanks a lot.
I also think CVE-2021-20230 and this bug are probably two different
things. But Steve Arnold is also addressing CVE-2021-20230 in
Comment#25, and it's still considered unfixed on
https://ubuntu.com/security/CVE-2021-20230. So there is a a relation to
this CVE, but CVE-2021-20230 is not describing
I'm not convinced that CVE-2021-20230 is the same bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275
Title:
stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
vulnerability
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20230
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275
Title:
stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
Ran into the same problem. The service never recovers after this error,
because the package is not shipped with a systemd unit, but with an old
/etc/init.d/stunnel4 script.
I ended up uninstalling the Ubuntu version, compling 5.60 (latest at the
time) from source and then running it with a
Would anyone like to test the 5.56 version with upstream patches? I
have it backported to bionic and focal here:
https://launchpad.net/~nerdboy/+archive/ubuntu/embedded/+packages
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hi. I've been encoutering this issue on my OpenSSL-1.1.1 application.
Do you have any workaround? I found that SSL_SESSION list is corrupted
but I don't have any SSL_SESSSION related code in my app.
You can notice that symptom is same from the following backtrace:
/usr/local/bin/worker[0x509a21]
Seriously, this is almost a year old. What is the resolution? Where
are the upgraded pkgs? Leaving it to some unknown number of users to
devise their own out-of-band solution seems like a really bad idea when
all we really need is a current stunnel package built against the
current openssl lib.
Did everyone die? How is it that this is marked as undecided and not
fixed? The software crashes and fails to function. If SSH crashed and
failed to function I am sure that this would not be left undecided. So
is the answer to uninstall Ubuntu and install CentOS or Debian, maybe
even Windows?
I made a more radical decision, I upgraded to 20.04 LTS (focal), installed
Stunnel 5.56 and so far I have not had any crashes.
For those who want and can do this upgrade, I recommend them, since not only is
Stunnel updated, but also OpenSSL.
For newbies like me I share the commands:
sudo apt
Just install stunnel 5.56 from source. It's actually pretty painless. I got
tired of waiting and wrote a quick guide:
https://scottiestech.info/2020/06/23/fix-stunnel-bad-magic-at-ssl-c-error-crash-on-ubuntu/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
This thread takes several months without solution for Ubuntu 18.04 users.
I recently requested a backport to be able to update Stunnel to its latest
version.
Stunnel crash continuously and I think the update would help fix this problem.
Please Bionic Backports I request to give priority to my
In addition to my earlier packet capture and stack trace, I can now add
a detailed debug log from a different occurrence of this crash. See
attachment.
I turned the log level on stunnel all the way up to the maximum
(debug=7) and left things running until another attack hit my server.
This log
I've been seeing the same problem for months. Same exact stunnel4 -v as
posted above.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275
Title:
stunnel4: "INTERNAL ERROR: Bad magic at ssl.c,
I too see this problem with stunnel on a public-facing Ubuntu 18.04
server. In addition to the stack trace with debugging symbols that I
provided earlier, I now have a packet capture of one of the TLS sessions
that caused a crash.
I was lucky enough to catch the attacker in the act, and in
I had same problem on Ubuntu 18.04 host.
stunnel4 -v
[ ] Clients allowed=500
[.] stunnel 5.44 on x86_64-pc-linux-gnu platform
[.] Compiled with OpenSSL 1.1.0g 2 Nov 2017
[.] Running with OpenSSL 1.1.1 11 Sep 2018
[.] Update OpenSSL shared libraries or rebuild stunnel
[.] Threading:PTHREAD
Same problem on Ubuntu 18.04 host :
stunnel4 -v
[ ] Clients allowed=500
[.] stunnel 5.44 on x86_64-pc-linux-gnu platform
[.] Compiled with OpenSSL 1.1.0g 2 Nov 2017
[.] Running with OpenSSL 1.1.1 11 Sep 2018
[.] Update OpenSSL shared libraries or rebuild stunnel
[.] Threading:PTHREAD
Hello!
Is there a chance that this error will be fixed?
Or is it better to upgrade to Ubuntu 19.10?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275
Title:
stunnel4: "INTERNAL ERROR: Bad magic
Stacktrace:
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
set = {__val = {0, 140337533684800, 140725801169072, 94865733453904,
140725801169056, 15442105031219824384, 4, 94865733453904, 0,
15442105031219824384, 4, 1, 94865733453904, 1, 4, 94865708102691}}
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.8
Architecture: amd64
DistroRelease: Ubuntu 18.04
Package: stunnel4 3:5.44-1ubuntu3
PackageArchitecture: amd64
ProcEnviron:
LANG=C.UTF-8
TERM=xterm
PATH=(custom, no user)
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 4.15.0-65.74-generic 4.15.18
I have the same problem on two Ubuntu 18.04 hosts.
The error does not occur immediately. Sometimes it takes several days.
Reboot (systemctl restart stunnel4.service) helps.
stunnel.log: INTERNAL ERROR: Bad magic at ssl.c, line 117
# stunnel4 -v
[ ] Clients allowed=500
[.] stunnel 5.44 on
I can confirm I am also experiencing this issue on 18.04.
stunnel4 -v
[ ] Clients allowed=500
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: stunnel4 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275
Title:
Hmm, good question. 1.1.1 was pushed to bionic in June? Unfortunately
I don't think I have syslog going back that far on any affected machine.
I only recall this problem happening in the last few months.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: stunnel4 (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275
Title:
stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
Do you know if you had the problem with the openssl 1.1.0 packages that
were in bionic before we released 1.1.1?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275
Title:
stunnel4: "INTERNAL
$ stunnel4 -v
[ ] Clients allowed=500
[.] stunnel 5.44 on x86_64-pc-linux-gnu platform
[.] Compiled with OpenSSL 1.1.0g 2 Nov 2017
[.] Running with OpenSSL 1.1.1 11 Sep 2018
[.] Update OpenSSL shared libraries or rebuild stunnel
[.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD
Thanks for reporting this issue.
What's the output of stunnel4 -v?
Which openssl packages are you using?
** Changed in: stunnel4 (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
(Report made public since it's being actively exploited.)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847275
Title:
stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS
vulnerability
30 matches
Mail list logo
