SUSE-SU-2016:0343-1: moderate: Security update for socat

sle-security-updates at lists.suse.com
Fri Feb 5 05:11:54 MST 2016


   SUSE Security Update: Security update for socat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0343-1
Rating:             moderate
References:         #821985 #860991 #964844 
Cross-References:   CVE-2013-3571 CVE-2014-0019
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   erratum is now available.

Description:


   This update for socat fixes the following issues:

   - CVE-2013-3571: Fix a file descriptor leak that could have been misused
     for a denial of service attack against socat running in server mode
     (bsc#821985)
   - CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer
     overflow (bsc#860991)
   - Fix a stack overflow in the parser that could have been leveraged to
     execute arbitrary code (bsc#964844)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-socat-12384=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-socat-12384=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-socat-12384=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      socat-1.7.0.0-1.18.2

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      socat-1.7.0.0-1.18.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      socat-debuginfo-1.7.0.0-1.18.2
      socat-debugsource-1.7.0.0-1.18.2
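
   A check that a host carries the fixed build named in the Package List,
   added here as an example and not part of the SUSE announcement. The
   function names are hypothetical, and the comparison handles numeric
   version segments only, a simplification of RPM's own ordering.

```shell
#!/bin/sh
# Added example: is an installed socat build at or above the fixed build?
# Fixed build taken from the Package List of this advisory.
FIXED_VERSION="1.7.0.0"
FIXED_RELEASE="1.18.2"

# Compare two dot-separated numeric strings; prints -1, 0 or 1.
# Assumption: segments are purely numeric and a missing segment counts as 0.
# This is a simplification of RPM's own version comparison.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the segment just read from each string.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# socat_is_fixed VERSION-RELEASE
# Returns 0 if fixed, 1 if older than the fixed build, 2 if unparsable.
socat_is_fixed() {
    vr=$1
    case $vr in
        ''|-*|*-|*[!0-9.-]*|*-*-*) return 2 ;;
        *-*) ;;
        *) return 2 ;;
    esac
    ver=${vr%%-*}; rel=${vr#*-}
    c=$(cmp_dotted "$ver" "$FIXED_VERSION")
    if [ "$c" -eq 0 ]; then c=$(cmp_dotted "$rel" "$FIXED_RELEASE"); fi
    [ "$c" -ge 0 ]
}

# Query the local RPM database (hypothetical helper; needs rpm on the host).
check_local_socat() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' socat) || return 2
    socat_is_fixed "$installed"
}
```

   Run check_local_socat on each SLES/SLED 11-SP4 host after patching; a
   return status of 1 means the installed build predates the fix.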


References:

   https://www.suse.com/security/cve/CVE-2013-3571.html
   https://www.suse.com/security/cve/CVE-2014-0019.html
   https://bugzilla.suse.com/821985
   https://bugzilla.suse.com/860991
   https://bugzilla.suse.com/964844


