Security update for stunnel

SUSE Security Update: Security update for stunnel
Announcement ID: SUSE-SU-2021:0194-1
Rating: moderate
References: #1177580 #1178533
Affected Products:
  • SUSE Linux Enterprise Module for Server Applications 15-SP2

An update that contains security fixes can now be installed.


This update for stunnel fixes the following issues:
Security issue fixed:

  • The "redirect" option was fixed to properly handle "verifyChain = yes" (bsc#1177580).

Non-security issues fixed:
  • Fix startup problem of the stunnel daemon (bsc#1178533)

  • update to 5.57: * Security bugfixes * New features - New securityLevel configuration file option. - Support for modern PostgreSQL clients - TLS 1.3 configuration updated for better compatibility. * Bugfixes - Fixed a transfer() loop bug. - Fixed memory leaks on configuration reloading errors. - DH/ECDH initialization restored for client sections. - Delay startup with systemd until network is online. - A number of testing framework fixes and improvements.

  • update to 5.56: - Various text files converted to Markdown format. - Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris. - Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn). - Retry unsuccessful port binding on configuration file reload. - Thread safety fixes in SSL_SESSION object handling. - Terminate clients on exit in the FORK threading model.

  • Fixup stunnel.conf handling: * Remove old static openSUSE provided stunnel.conf. * Use upstream stunnel.conf and tailor it for openSUSE using sed. * Don't show README.openSUSE when installing.

  • enable /etc/stunnel/conf.d
  • re-enable openssl.cnf

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Server Applications 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-194=1

Package List:

  • SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
    • stunnel-5.57-3.5.1
    • stunnel-debuginfo-5.57-3.5.1
    • stunnel-debugsource-5.57-3.5.1