A stunnel security update has been released for openSUSE Leap 15.2.

openSUSE-SU-2021:0160-1: moderate: Security update for stunnel

openSUSE Security Update: Security update for stunnel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:0160-1
Rating: moderate
References: #1177580 #1178533
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for stunnel fixes the following issues:

Security issue fixed:

- The "redirect" option was fixed to properly handle "verifyChain = yes"
(bsc#1177580).

Non-security issues fixed:

- Fix startup problem of the stunnel daemon (bsc#1178533)

- update to 5.57:
* Security bugfixes
* New features
- New securityLevel configuration file option.
- Support for modern PostgreSQL clients
- TLS 1.3 configuration updated for better compatibility.
* Bugfixes
- Fixed a transfer() loop bug.
- Fixed memory leaks on configuration reloading errors.
- DH/ECDH initialization restored for client sections.
- Delay startup with systemd until network is online.
- A number of testing framework fixes and improvements.

- update to 5.56:
- Various text files converted to Markdown format.
- Support for realpath(3) implementations incompatible with
POSIX.1-2008, such as 4.4BSD or Solaris.
- Support for engines without PRNG seeding methods (thx to Petr
Mikhalitsyn).
- Retry unsuccessful port binding on configuration file reload.
- Thread safety fixes in SSL_SESSION object handling.
- Terminate clients on exit in the FORK threading model.

- Fixup stunnel.conf handling:
* Remove old static openSUSE provided stunnel.conf.
* Use upstream stunnel.conf and tailor it for openSUSE using sed.
* Don't show README.openSUSE when installing.

- enable /etc/stunnel/conf.d
- re-enable openssl.cnf

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-160=1


Package List:

- openSUSE Leap 15.2 (noarch):

stunnel-doc-5.57-lp152.2.3.1

- openSUSE Leap 15.2 (x86_64):

stunnel-5.57-lp152.2.3.1
stunnel-debuginfo-5.57-lp152.2.3.1
stunnel-debugsource-5.57-lp152.2.3.1

References:

  https://bugzilla.suse.com/1177580
  https://bugzilla.suse.com/1178533