
List:       stunnel-users
Subject:    Re: RedHat RPMS
From:       Brian Hatch <bri () stunnel ! org>
Date:       2002-07-10 5:19:43


> >What version of Stunnel are they shipping?  If it's an older one that
> >didn't have any problems, then that's fine.  Compare the version against
> >the list of Stunnel vulnerabilities.
> 
> In RedHat 6.2, they shipped 3.10-2 (that is the version reported by 'rpm 
> -q') and there has been no patch or update for this. It could be that this 
> RPM is based on 3.10 with some fixes back-ported?

Porting security patches back to a known version (without additional
features and such that they haven't tested) is very very common (and
usually a good idea because it fixes the security problem without
adding new untested code to the distribution.)

IIRC, 3.10 has no known security-related bugs.  Some bugs were
introduced after that, and fixed in 3.22.

--
Brian Hatch                  Do infants enjoy infancy
   Systems and                as much as adults enjoy
   Security Engineer          adultery?
http://www.ifokr.org/bri/

Every message PGP signed
