User: Password:
Subscribe / Log in / New account

Mageia alert MGASA-2014-0070 (socat)

From:  Mageia Updates <>
Subject:  [updates-announce] MGASA-2014-0070: Updated socat package fixes security vulnerability
Date:  Sun, 16 Feb 2014 13:50:05 +0100
Message-ID:  <>

MGASA-2014-0070 - Updated socat package fixes security vulnerability Publication date: 16 Feb 2014 URL: Type: security Affected Mageia releases: 3, 4 CVE: CVE-2014-0019 Description: Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name (<hostname> in the documentation) in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen, for example, in scripts that receive data from untrusted sources (CVE-2014-0019). References: - - - SRPMS: - 4/core/socat-2.0.0-0.b7.1.mga4 - 3/core/socat-2.0.0-0.b7.1.mga3

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds