<div class="container">
<h1>Recommended update for socat</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2024:2023-2</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1160293">bsc#1160293</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-8413">jsc#PED-8413</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise Micro 5.5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that contains one feature and has one fix can now be installed.</p>
<h2>Description:</h2>
<p>This update for socat fixes the following issues:</p>
<p>socat is updated to 1.8.0.0:</p>
<p>Primary feature is enabling TLS 1.3 support. (jsc#PED-8413)</p>
<pre><code>* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd "inetd" mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES
</code></pre>
<p>Update to 1.7.4.4:</p>
<ul>
<li>FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.</li>
<li>FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.</li>
<li>FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.</li>
<li>FIX: bad parser error message on "socat /tmp/x\"x/x -"</li>
</ul>
<p>Update to 1.7.4.3:</p>
<ul>
<li>fixes the TCP_INFO issue that broke building on non-Linux platforms. </li>
<li>building on AIX works again. </li>
<li>A few more corrections and improvements have been added </li>
</ul>
<p>Update to version 1.7.4.2:</p>
<ul>
<li>Fixes a lot of bugs, e.g., for options -r and -R.</li>
<li>Further bugfixes, see the CHANGES file</li>
</ul>
<p>Update to 1.7.4.1:</p>
<p>Security:</p>
<ul>
<li>Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter. </li>
<li>Many further bugfixes and new features, see the CHANGES file</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Micro 5.5
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-5.5-2024-2023=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>socat-debugsource-1.8.0.0-150400.14.3.1</li>
<li>socat-1.8.0.0-150400.14.3.1</li>
<li>socat-debuginfo-1.8.0.0-150400.14.3.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1160293">https://bugzilla.suse.com/show_bug.cgi?id=1160293</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-8413">https://jira.suse.com/browse/PED-8413</a>
</li>
</ul>
</div>