MGASA-2012-0138
Date: | July 9th, 2012 |
Affected releases: | 1, 2 |
Description:
Updated socat package fixes security vulnerability:
Heap-based buffer overflow in the xioscan_readline function in
xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through
2.0.0-b4 allows local users to execute arbitrary code via the READLINE
address (CVE-2012-0219).
Also, on Mageia 1, invalid output and a possible process crash when
socat prints info about an unnamed unix domain socket has been fixed.
Updated Packages:
Mageia 1:
socat-1.7.1.3-2.1.mga1
Mageia 2:
socat-1.7.2.1-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0219
http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081619.html
http://lists.opensuse.org/opensuse-updates/2012-07/msg00001.html
https://bugzilla.novell.com/show_bug.cgi?id=668319
https://bugs.mageia.org/show_bug.cgi?id=5986