Security update for socat
SUSE Security Update: Security update for socat
Announcement ID: SUSE-SU-2016:0343-1
Rating: moderate
References: #821985 #860991 #964844
Affected Products:
An update that solves two vulnerabilities and has one erratum is now available.
Description:
This update for socat fixes the following issues:
- CVE-2013-3571: Fix a file descriptor leak that could have been misused
  for a denial of service attack against socat running in server mode
  (bsc#821985)
- CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer
  overflow (bsc#860991)
- Fix a stack overflow in the parser that could have been leveraged to
  execute arbitrary code (bsc#964844)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-socat-12384=1
- SUSE Linux Enterprise Desktop 11-SP4:
    zypper in -t patch sledsp4-socat-12384=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-socat-12384=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  - socat-1.7.0.0-1.18.2
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
  - socat-1.7.0.0-1.18.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  - socat-debuginfo-1.7.0.0-1.18.2
  - socat-debugsource-1.7.0.0-1.18.2
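
After applying the patch, a host can be checked against the fixed build named in the package list above (socat-1.7.0.0-1.18.2). The script below is an added example, not part of the SUSE advisory; the function names are hypothetical, and the release comparison is a simplified dotted-numeric one rather than RPM's full algorithm.

```shell
#!/bin/sh
# Added example: compare an installed socat build with the fixed build from
# the advisory's package list. Function names are hypothetical.
FIXED_VERSION="1.7.0.0"
FIXED_RELEASE="1.18.2"

# rel_ge A B: succeed when dotted-numeric A >= B, compared field by field
# (so 1.18.2 > 1.9.1). Simplified; this is not RPM's full comparison.
rel_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# socat_is_patched VERSION-RELEASE
# 0: fixed build or a later release of the same version
# 1: earlier release, patch missing
# 2: cannot decide (other version stream or non-numeric release)
socat_is_patched() {
    case $1 in *-*) ;; *) return 2 ;; esac
    ver=${1%-*}; rel=${1##*-}
    [ "$ver" = "$FIXED_VERSION" ] || return 2
    case $rel in ''|*[!0-9.]*) return 2 ;; esac
    rel_ge "$rel" "$FIXED_RELEASE"
}

# Query the local RPM database and report the result.
check_installed_socat() {
    evr=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' socat 2>/dev/null) || {
        echo "socat not installed, or rpm unavailable"; return 3; }
    rc=0; socat_is_patched "$evr" || rc=$?
    case $rc in
        0) echo "socat $evr: fixed build or later" ;;
        1) echo "socat $evr: older than $FIXED_VERSION-$FIXED_RELEASE, patch missing" ;;
        *) echo "socat $evr: outside this advisory's package list, check manually" ;;
    esac
    return "$rc"
}

# Run the live check only on request, e.g. `sh check-socat.sh --check`.
if [ "${1:-}" = "--check" ]; then check_installed_socat; fi
```

A result of 2 is deliberate: a different upstream version is not assumed to contain these fixes just because its number is higher.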