# Recommended update for socat Announcement ID: SUSE-RU-2024:1952-1 Rating: moderate References: * bsc#1160293 * jsc#PED-8413 Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that contains one feature and has one fix can now be installed. ## Description: This update for socat fixes the following issues: Update to 1.8.0.0: * Support for network namespaces (option netns) * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following) * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL * New script socat-mux.sh allows n-to-1 / 1-to-n communications * New script socat-broker.sh allows group communications * Experimental socks5 client feature * Address ACCEPT-FD for systemd "inetd" mode * UDP-Lite and DCCP address types * Addresses SOCKETPAIR and SHELL * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets * Simple statistics output with Socat option --statistics and with SIGUSR1 * A couple of new options, many fixes and corrections, see file CHANGES * Note: This version introduces "socat1", linking to "socat" Update to 1.7.4.4: * FIX: In error.c msg2() there was a stack overflow on long messages: The terminating \0 Byte was written behind the last position. * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived. * FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses. * FIX: bad parser error message on "socat /tmp/x\"x/x -" Update to 1.7.4.3: * fixes the TCP_INFO issue that broke building on non-Linux platforms. Update to version 1.7.4.2: * Fixes a lot of bugs, e.g., for options -r and -R. * Further bugfixes, see the CHANGES file Update to 1.7.4.1: Security: * Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to heap based buffer overflow, assuming the attacker could provide this parameter. * Many further bugfixes and new features, see the CHANGES file Update to version 1.7.3.4: * bugfix release, see the CHANGES file for all changes Update to version 1.7.3.3: * bugfix release, see the CHANGES file for all changes * We HAVE_SSLv23_*_method, just not as functions, but macros add the relevant defines in the command line so support for autonegotiation of the highest TLS version is restored. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-1952=1 openSUSE-SLE-15.6-2024-1952=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1952=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * socat-debugsource-1.8.0.0-150600.20.3.1 * socat-1.8.0.0-150600.20.3.1 * socat-debuginfo-1.8.0.0-150600.20.3.1 * socat-extra-1.8.0.0-150600.20.3.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * socat-debugsource-1.8.0.0-150600.20.3.1 * socat-1.8.0.0-150600.20.3.1 * socat-debuginfo-1.8.0.0-150600.20.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1160293 * https://jira.suse.com/browse/PED-8413