Recommended update for socat

Announcement ID:	SUSE-RU-2024:2023-1
Rating:	moderate
References:	bsc#1160293 jsc#PED-8413
Affected Products:	Basesystem Module 15-SP5 openSUSE Leap 15.4 openSUSE Leap 15.5 openSUSE Leap Micro 5.3 openSUSE Leap Micro 5.4 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that contains one feature and has one fix can now be installed.

Description:

This update for socat fixes the following issues:

socat is updated to 1.8.0.0:

Primary feature is enabling TLS 1.3 support. (jsc#PED-8413)

* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd "inetd" mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES

Update to 1.7.4.4:

• FIX: In error.c msg2() there was a stack overflow on long messages: The terminating \0 Byte was written behind the last position.
• FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived.
• FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses.
• FIX: bad parser error message on "socat /tmp/x\"x/x -"

Update to 1.7.4.3:

• fixes the TCP_INFO issue that broke building on non-Linux platforms.
• building on AIX works again.
• A few more corrections and improvements have been added

Update to version 1.7.4.2:

• Fixes a lot of bugs, e.g., for options -r and -R.
• Further bugfixes, see the CHANGES file

Update to 1.7.4.1:

Security:

• Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to heap based buffer overflow, assuming the attacker could provide this parameter.
• Many further bugfixes and new features, see the CHANGES file

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-2023=1
• openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2024-2023=1
• openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2024-2023=1
• openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-2023=1
• SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-2023=1
• SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-2023=1
• SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-2023=1
• SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-2023=1
• SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-2023=1
• Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2023=1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2023=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2023=1
• SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2023=1
• SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2023=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2023=1

Package List:

• openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-extra-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• openSUSE Leap Micro 5.3 (aarch64 x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  • socat-debuginfo-1.8.0.0-150400.14.3.1
  • socat-debugsource-1.8.0.0-150400.14.3.1
  • socat-1.8.0.0-150400.14.3.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1160293
• https://jira.suse.com/browse/PED-8413