SUSE-SU-2016:0343-1: moderate: Security update for socat
sle-security-updates at lists.suse.com
Fri Feb 5 05:11:54 MST 2016
SUSE Security Update: Security update for socat
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:0343-1
Rating: moderate
References: #821985 #860991 #964844
Cross-References: CVE-2013-3571 CVE-2014-0019
Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Desktop 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for socat fixes the following issues:
- CVE-2013-3571: Fix a file descriptor leak that could have been misused
  for a denial of service attack against socat running in server mode
  (bsc#821985)
- CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer
  overflow (bsc#860991)
- Fix a stack overflow in the parser that could have been leveraged to
  execute arbitrary code (bsc#964844)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-socat-12384=1
- SUSE Linux Enterprise Desktop 11-SP4:
    zypper in -t patch sledsp4-socat-12384=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-socat-12384=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    socat-1.7.0.0-1.18.2
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
    socat-1.7.0.0-1.18.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    socat-debuginfo-1.7.0.0-1.18.2
    socat-debugsource-1.7.0.0-1.18.2
References:
https://www.suse.com/security/cve/CVE-2013-3571.html
https://www.suse.com/security/cve/CVE-2014-0019.html
https://bugzilla.suse.com/821985
https://bugzilla.suse.com/860991
https://bugzilla.suse.com/964844
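
Added example (not part of the SUSE announcement): a post-patch check that compares the installed socat packages against the fixed build 1.7.0.0-1.18.2 from the Package List. The helper names and the --host switch are made up for this example, and GNU "sort -V" is assumed as an approximation of RPM's version ordering.

```sh
#!/bin/sh
# Added example: verify that socat is at or above the build shipped by
# SUSE-SU-2016:0343-1. Function names here are hypothetical helpers.

FIXED="1.7.0.0-1.18.2"   # version-release taken from the Package List

# version_ge A B: succeeds when A >= B.
# Assumption: GNU `sort -V` stands in for RPM's own comparison; it is
# adequate for the dotted-numeric version-release strings in this advisory.
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify VERSION-RELEASE: prints "patched" or "vulnerable".
classify() {
    if version_ge "$1" "$FIXED"; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_host: query the RPM database for the packages named in the
# advisory and report each installed one. Packages that are not
# installed are skipped (rpm -q exits non-zero for them).
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    for pkg in socat socat-debuginfo socat-debugsource; do
        vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) || continue
        echo "$pkg $vr $(classify "$vr")"
    done
}

# Only touch the local RPM database when asked to.
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

Run it with --host on a SUSE Linux Enterprise 11-SP4 system after applying the patch; any line ending in "vulnerable" means that package is still older than the fixed build.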