Mageia alert MGASA-2012-0138 (socat)

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0138: socat-1.7.1.3-2.1.mga1
 (1/core), socat-1.7.2.1-1.mga2 (2/core) 
Date:
    	       Mon, 9 Jul 2012 14:21:01 +0200
Message-ID:
    	       <20120709122101.GA8823@valstar.mageia.org>

MGASA-2012-0138
Date: 	July 9th, 2012
Affected releases: 	1, 2

Description:
Updated socat package fixes security vulnerability:

Heap-based buffer overflow in the xioscan_readline function in
xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through
2.0.0-b4 allows local users to execute arbitrary code via the READLINE
address (CVE-2012-0219).

Also, on Mageia 1, invalid output and a possible process crash when
socat prints info about an unnamed unix domain socket has been fixed.

Updated Packages:
Mageia 1:
socat-1.7.1.3-2.1.mga1

Mageia 2:
socat-1.7.2.1-1.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0219
http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
http://lists.fedoraproject.org/pipermail/package-announce...
http://lists.opensuse.org/opensuse-updates/2012-07/msg000...
https://bugzilla.novell.com/show_bug.cgi?id=668319
https://bugs.mageia.org/show_bug.cgi?id=5986
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2012-0138: socat-1.7.1.3-2.1.mga1 (1/core), socat-1.7.2.1-1.mga2 (2/core)
Date:		Mon, 9 Jul 2012 14:21:01 +0200
Message-ID:		<20120709122101.GA8823@valstar.mageia.org>