Security update for stunnel

SUSE Security Update: Security update for stunnel

---

Announcement ID:	SUSE-SU-2021:0194-1
Rating:	moderate
References:	#1177580 #1178533
Affected Products:	SUSE Linux Enterprise Module for Server Applications 15-SP2

---

An update that contains security fixes can now be installed.

Description:

This update for stunnel fixes the following issues:
Security issue fixed:

• The "redirect" option was fixed to properly handle "verifyChain = yes" (bsc#1177580).

Non-security issues fixed:

• Fix startup problem of the stunnel daemon (bsc#1178533)

• update to 5.57: * Security bugfixes * New features - New securityLevel configuration file option. - Support for modern PostgreSQL clients - TLS 1.3 configuration updated for better compatibility. * Bugfixes - Fixed a transfer() loop bug. - Fixed memory leaks on configuration reloading errors. - DH/ECDH initialization restored for client sections. - Delay startup with systemd until network is online. - A number of testing framework fixes and improvements.

• update to 5.56: - Various text files converted to Markdown format. - Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris. - Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn). - Retry unsuccessful port binding on configuration file reload. - Thread safety fixes in SSL_SESSION object handling. - Terminate clients on exit in the FORK threading model.

• Fixup stunnel.conf handling: * Remove old static openSUSE provided stunnel.conf. * Use upstream stunnel.conf and tailor it for openSUSE using sed. * Don't show README.openSUSE when installing.

• enable /etc/stunnel/conf.d
• re-enable openssl.cnf

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Module for Server Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-194=1

Package List:

• SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  • stunnel-5.57-3.5.1
  • stunnel-debuginfo-5.57-3.5.1
  • stunnel-debugsource-5.57-3.5.1

References:

• https://bugzilla.suse.com/1177580
• https://bugzilla.suse.com/1178533