User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0070 (socat)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0070: Updated socat package fixes security vulnerability
Date:  Sun, 16 Feb 2014 13:50:05 +0100
Message-ID:  <20140216125005.B664241320@valstar.mageia.org>

MGASA-2014-0070 - Updated socat package fixes security vulnerability Publication date: 16 Feb 2014 URL: http://advisories.mageia.org/MGASA-2014-0070.html Type: security Affected Mageia releases: 3, 4 CVE: CVE-2014-0019 Description: Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name (<hostname> in the documentation) in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen, for example, in scripts that receive data from untrusted sources (CVE-2014-0019). References: - https://bugs.mageia.org/show_bug.cgi?id=12469 - http://openwall.com/lists/oss-security/2014/01/28/7 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0019 SRPMS: - 4/core/socat-2.0.0-0.b7.1.mga4 - 3/core/socat-2.0.0-0.b7.1.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds