Recommended update for socat
Announcement ID: |
SUSE-RU-2024:1952-1 |
Rating: |
moderate |
References: |
|
Affected Products: |
- Basesystem Module 15-SP6
- openSUSE Leap 15.6
- SUSE Linux Enterprise Desktop 15 SP6
- SUSE Linux Enterprise Real Time 15 SP6
- SUSE Linux Enterprise Server 15 SP6
- SUSE Linux Enterprise Server for SAP Applications 15 SP6
|
An update that contains one feature and has one fix can now be installed.
Description:
This update for socat fixes the following issues:
Update to 1.8.0.0:
- Support for network namespaces (option netns)
- TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
- Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
- New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
- New script socat-mux.sh allows n-to-1 / 1-to-n communications
- New script socat-broker.sh allows group communications
- Experimental socks5 client feature
- Address ACCEPT-FD for systemd "inetd" mode
- UDP-Lite and DCCP address types
- Addresses SOCKETPAIR and SHELL
- New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
- New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
- Simple statistics output with Socat option --statistics and with SIGUSR1
-
A couple of new options, many fixes and corrections, see file CHANGES
-
Note: This version introduces "socat1", linking to "socat"
Update to 1.7.4.4:
- FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
- FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.
- FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.
- FIX: bad parser error message on "socat /tmp/x\"x/x -"
Update to 1.7.4.3:
- fixes the TCP_INFO issue that broke building on non-Linux platforms.
Update to version 1.7.4.2:
- Fixes a lot of bugs, e.g., for options -r and -R.
- Further bugfixes, see the CHANGES file
Update to 1.7.4.1:
Security:
- Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter.
- Many further bugfixes and new features, see the CHANGES file
Update to version 1.7.3.4:
- bugfix release, see the CHANGES file for all changes
Update to version 1.7.3.3:
-
bugfix release, see the CHANGES file for all changes
-
We HAVE_SSLv23_*_method, just not as functions, but macros
add the relevant defines in the command line so support for
autonegotiation of the highest TLS version is restored.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.6
zypper in -t patch SUSE-2024-1952=1 openSUSE-SLE-15.6-2024-1952=1
-
Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1952=1
Package List:
-
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
- socat-debugsource-1.8.0.0-150600.20.3.1
- socat-1.8.0.0-150600.20.3.1
- socat-debuginfo-1.8.0.0-150600.20.3.1
- socat-extra-1.8.0.0-150600.20.3.1
-
Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
- socat-debugsource-1.8.0.0-150600.20.3.1
- socat-1.8.0.0-150600.20.3.1
- socat-debuginfo-1.8.0.0-150600.20.3.1
References: