<div class="container">
<h1>Recommended update for socat</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2024:1952-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1160293">bsc#1160293</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-8413">jsc#PED-8413</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Basesystem Module 15-SP6</li>
<li class="list-group-item">openSUSE Leap 15.6</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP6</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that contains one feature and has one fix can now be installed.</p>
<h2>Description:</h2>
<p>This update for socat fixes the following issues:</p>
<p>Update to 1.8.0.0:</p>
<ul>
<li>Support for network namespaces (option netns)</li>
<li>TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success</li>
<li>Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)</li>
<li>New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL</li>
<li>New script socat-mux.sh allows n-to-1 / 1-to-n communications</li>
<li>New script socat-broker.sh allows group communications</li>
<li>Experimental socks5 client feature</li>
<li>Address ACCEPT-FD for systemd "inetd" mode</li>
<li>UDP-Lite and DCCP address types</li>
<li>Addresses SOCKETPAIR and SHELL</li>
<li>New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes</li>
<li>New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets</li>
<li>Simple statistics output with Socat option --statistics and with SIGUSR1</li>
<li>
<p>A couple of new options, many fixes and corrections, see file CHANGES</p>
</li>
<li>
<p>Note: This version introduces "socat1", linking to "socat"</p>
</li>
</ul>
<p>Update to 1.7.4.4:</p>
<ul>
<li>FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.</li>
<li>FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.</li>
<li>FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.</li>
<li>FIX: bad parser error message on "socat /tmp/x\"x/x -"</li>
</ul>
<p>Update to 1.7.4.3:</p>
<ul>
<li>fixes the TCP_INFO issue that broke building on non-Linux platforms. </li>
</ul>
<p>Update to version 1.7.4.2:</p>
<ul>
<li>Fixes a lot of bugs, e.g., for options -r and -R.</li>
<li>Further bugfixes, see the CHANGES file</li>
</ul>
<p>Update to 1.7.4.1:</p>
<p>Security:</p>
<ul>
<li>Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter. </li>
<li>Many further bugfixes and new features, see the CHANGES file</li>
</ul>
<p>Update to version 1.7.3.4:</p>
<ul>
<li>bugfix release, see the CHANGES file for all changes</li>
</ul>
<p>Update to version 1.7.3.3:</p>
<ul>
<li>
<p>bugfix release, see the CHANGES file for all changes</p>
</li>
<li>
<p>We HAVE_SSLv23_*_method, just not as functions, but macros
add the relevant defines in the command line so support for
autonegotiation of the highest TLS version is restored.</p>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch SUSE-2024-1952=1 openSUSE-SLE-15.6-2024-1952=1</code>
</li>
<li class="list-group-item">
Basesystem Module 15-SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1952=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
<ul>
<li>socat-debugsource-1.8.0.0-150600.20.3.1</li>
<li>socat-1.8.0.0-150600.20.3.1</li>
<li>socat-debuginfo-1.8.0.0-150600.20.3.1</li>
<li>socat-extra-1.8.0.0-150600.20.3.1</li>
</ul>
</li>
<li>
Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
<ul>
<li>socat-debugsource-1.8.0.0-150600.20.3.1</li>
<li>socat-1.8.0.0-150600.20.3.1</li>
<li>socat-debuginfo-1.8.0.0-150600.20.3.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1160293">https://bugzilla.suse.com/show_bug.cgi?id=1160293</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-8413">https://jira.suse.com/browse/PED-8413</a>
</li>
</ul>
</div>