Replacing openssl and the certs should be an effective patch. You can always check by running ldd against the stunnel binary to confirm it is linking to a specific SSL library.

There is also some consideration that you must assume systems were compromised and snooped and change all passwords as well...
Regards,
KAM

Koenraad Lelong <stunnel@ace-electronics.be> wrote:
op 10-04-14 12:15, Koenraad Lelong schreef:
op 08-04-14 16:58, Burak Say schreef:
Hello,

When do you think you can release a patch to use OpenSSL 1.0.1g instead
of 1.0.1f?


Hi,

I would like to know if I'm safe when I installed the latest
openssl-libraries comming from ubuntu (for 12.04LTS). Or do I need to
update stunnel also ? The ubuntu package for the latest stunnel seems
unavailable right now.

Regards,

Koenraad.

I just thought of looking in the package-manager. This says stunnel 
depends on libssl1.0.0 (installed 1.0.1-4ubun!
 tu5.12)
and on openssl 
(installed 1.0.1-4ubuntu5.12).
So I presume I can generate new certificates.

Koenraad.


stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users