Dear Users,

I have released version 4.55 of stunnel. This is a massive bugfix release, including a security bugfix. Update is highly recommended.

The ChangeLog entry:

Version 4.55, 2013.03.03, urgency: HIGH: * Security bugfix - OpenSSL updated to version 1.0.1e in Win32/Android builds. - Buffer overflow vulnerability fixed in the NTLM authentication of the CONNECT protocol negotiation. See https://www.stunnel.org/CVE-2013-1762.html for details. * New features - SNI wildcard matching in server mode. - Terminal version of stunnel (tstunnel.exe) build for Win32. * Bugfixes - Fixed write half-close handling in the transfer() function (thx to Dustin Lundquist). - Fixed EAGAIN error handling in the transfer() function (thx to Jan Bee). - Restored default signal handlers before execvp() (thx to Michael Weiser). - Fixed memory leaks in protocol negotiation (thx to Arthur Mesh). - Fixed a file descriptor leak during configuration file reload (thx to Arthur Mesh). - Closed SSL sockets were removed from the the transfer() c->fds poll. - Minor fix in handling exotic inetd-mode configurations. - WCE compilation fixes. - IPv6 compilation fix in protocol.c. - Windows installer fixes.

Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html

SHA-256 hash for stunnel-4.55.tar.gz: 5a4acecfabd454415c727435acdfca7dc46aa542998fb278293f494a6d36d37a

Best regards, Mike