Dear Users, I have released version 5.55 of stunnel. This release addresses a number of important Windows issues, including security vulnerabilities.
Version 5.55, 2019.06.10, urgency: HIGH * Security bugfixes - Fixed a Windows local privilege escalation vulnerability caused insecure OpenSSL cross-compilation defaults. Successful exploitation requires stunnel to be deployed as a Windows service, and user-writable C:\ folder. This vulnerability was discovered and reported by Rich Mirch. - OpenSSL DLLs updated to version 1.1.1c. * Bugfixes - Implemented a workaround for Windows hangs caused by its inability to the monitor the same socket descriptor from multiple threads. - Windows configuration (including cryptographic keys) is now completely removed at uninstall. - A number of testing framework fixes and improvements. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 90de69f41c58342549e74c82503555a6426961b29af3ed92f878192727074c62 stunnel-5.55.tar.gz e586b68da9e4faedf41cbcc8378402d7b188bb25b1f0f3cd1f2ce68620ef9e29 stunnel-5.55-win64-installer.exe 7af80d424986149629aad7d75710400f58ba259042c58557adf743627b5c8e3c stunnel-5.55-android.zip Best regards, Mike
signature.asc
Description: OpenPGP digital signature