The stunnel program is designed to work as an SSL/TLS encryption wrapper between a client and a local or remote server.
It was discovered that stunnel did not correctly verified the client certificate when options “redirect” and “verifyChain” are used.
A remote attacker could send a specially crafted certificate, possibly resulting in a breach of integrity or confidentiality.
There is no known workaround at this time.
All stunnel users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/stunnel-5.58"