-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users,
The bug was introduced in the session persistence feature added in stunnel 5.15. It may cause random crashes of stunnel configured as a TLS server (i.e., "client = no", which is the default). In order to fix it, stunnel should be upgraded to version 5.17. Fortunately, this bug does not have any substantial security impact. Mike On 25.04.2015 11:15, Michal Trojnara wrote: > Hi Mirek, > > Please collect the stack backtrace as explained here: > http://linux.bytesex.org/gdb.html > > Make sure to send the backtrace directly to me only, as your > problem may have severe security implications. I will work with > you to solve it, and then I will provide a solution to the mailing > list subscribers. > > I may also need your custom stunnel 5.15 binary and the generated > core files, so please save them. > > Best regards, Mike > > On 25.04.2015 00:10, Miroslaw Pietrzyk wrote: >> Hi, I have a problem with one of the stunnel installation >> (debian7). After some time of operation automatically turns >> itself off with the message: (...) Apr 24 21:03:45 routerpri >> kernel: [177332.400502] stunnel[34426]: segfault at 0 ip >> 00007f1f99ca9e20 sp 00007f1f99c16c68 error 4 in >> stunnel[7f1f99c94000+24000] (...) Apr 24 21:21:36 routerpri >> kernel: [178402.360532] stunnel[34795]: segfault at 0 ip >> 00007f84d6b8be20 sp 00007f84d6b49c68 error 4 in >> stunnel[7f84d6b76000+24000] (...) Apr 24 21:23:31 routerpri >> kernel: [178517.215345] stunnel[34908]: segfault at 0 ip >> 00007f150c5b3e20 sp 00007f150c58cc68 error 4 in >> stunnel[7f150c59e000+24000] (...) > > >> stunnel 5.15 on x86_64-unknown-linux-gnu platform >> Compiled/running with OpenSSL 1.0.1e 11 Feb 2013 > >> stunnel.conf: pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1 >> socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log >> syslog = yes client = no fips = no verify = 0 CAfile = >> /etc/stunnel/SubCA2.crt CRLfile = /etc/stunnel/SubCA2_CRL.pem > >> [service_1] accept = 192.168.1.10:1000 connect = >> 192.168.1.10:1234 cert = /etc/stunnel/cert1.crt key = >> /etc/stunnel/cert1_key.pem ciphers = >> HIGH:!SSLv2:!ADH:!Exp:!aNULL:!eNULL:!NULL sslVersion = TLSv1.2 > >> When I use the lower level of encryption for example SSLv3, >> problem occurs after a longer period of normal operation. I will >> only add that the problem has also appeared on the previous >> version 4.54, which I was updating to the newest. Do you have any >> idea what could be causing the problem. > >> Regards Mirek > > >> _______________________________________________ stunnel-users >> mailing list [email protected] >> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > > _______________________________________________ stunnel-users > mailing list [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJVRoWvAAoJEC78f/DUFuAUlw0P/3Jk337oPWDvDxPg7BxDmwoI hXobXz8FrCuANh3vvzYY8eCIYl+IBcPouZrZi5mMvkTyDh13+J2ZE+Sn5XMXOJXI 95+3Is4EWWjsYOwmk/VaFH8vL8D5okZv+8XCas1M5jaut5SJWr8as5JgEO5JuvrJ fW/xZRNgFDQjL6QG5SAn3FC4/KAZqYWOBG21DUGUTG6T9kwzypnXTQWwi53ZeN7M +1TGEZUGn4cFoBwhHw1g3lQOfE4LjP/bkWmuAIZHKN4V3gWRaoYgUtAOmS5QkjUP +2NZIbUaiQVimWymAJ7nS6nURbF80TcQ7+HksgAc7aeCrvWaUDYb3pfjl2MGW7uo nRNh/atxh+wxHa+Z1Xaato3yqd2hZeLsLjJ8FRArywsVPbNANcdcc2nfYhqXEpFu tOs53Yb5XPcTeaB/eClliq5z0zq7sBobKljK41s2aBz3BGZFYa2nFSUYB+SF/fDv /fkmvRFCeZnKPhLUo0kms0Q3H1Oz3aLUHzVDW5muqhgLRgfMgn6z42izCf42WVXF SoUz+P0eIHuCJurUB7LDJeLYh7gTPnE3dZhIaq4pZSlIcjw8F28V2yFchzO+Gw5X CDMIiuuJqCCgdv1u8Oef7Z5o8xHLkmYOs+c+qvx3Qw27H/Gqzoq7xLSle1FeEpei Q5q73Q4LgxqBQg1B/KMl =l/k8 -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
