Recommended update for socat

Announcement ID: SUSE-RU-2024:1952-1
Rating: moderate
References:
Affected Products:
  • Basesystem Module 15-SP6
  • openSUSE Leap 15.6
  • SUSE Linux Enterprise Desktop 15 SP6
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that contains one feature and has one fix can now be installed.

Description:

This update for socat fixes the following issues:

Update to 1.8.0.0:

  • Support for network namespaces (option netns)
  • TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
  • Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
  • New wrapper script socat-chain.sh allows stacking two addresses, e.g. HTTP proxy connect over SSL
  • New script socat-mux.sh allows n-to-1 / 1-to-n communications
  • New script socat-broker.sh allows group communications
  • Experimental socks5 client feature
  • Address ACCEPT-FD for systemd "inetd" mode
  • UDP-Lite and DCCP address types
  • Addresses SOCKETPAIR and SHELL
  • New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique paths
  • New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
  • Simple statistics output with Socat option --statistics and with SIGUSR1
  • A couple of new options, many fixes and corrections, see file CHANGES

  • Note: This version introduces "socat1", linking to "socat"

Update to 1.7.4.4:

  • FIX: In error.c msg2() there was a stack overflow on long messages: the terminating \0 byte was written behind the last position.
  • FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived.
  • FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses.
  • FIX: bad parser error message on "socat /tmp/x\"x/x -"

Update to 1.7.4.3:

  • fixes the TCP_INFO issue that broke building on non-Linux platforms.

Update to version 1.7.4.2:

  • Fixes a lot of bugs, e.g., for options -r and -R.
  • Further bugfixes, see the CHANGES file

Update to 1.7.4.1:

Security:

  • Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to a heap-based buffer overflow, assuming the attacker could provide this parameter.
  • Many further bugfixes and new features, see the CHANGES file
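
The unchecked doubling described in the security note above, next to a checked form, as an added example. This is not socat's source code: the function names are hypothetical, and a 32-bit size type is assumed so the wrap-around is reproducible on any platform.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative sketch only, not socat's code. */

/* Unchecked form of the bug class: the doubled size wraps modulo 2^32, so a
   huge requested size yields a tiny allocation that later writes overrun. */
uint32_t alloc_size_unchecked(uint32_t bufsiz) {
    return (uint32_t)(bufsiz * 2u);
}

/* Checked form: reject zero and any size whose double does not fit.
   Returns 0 on success and stores the doubled size in *out. */
int alloc_size_checked(uint32_t bufsiz, uint32_t *out) {
    if (bufsiz == 0 || bufsiz > UINT32_MAX / 2u)
        return -1;
    *out = bufsiz * 2u;
    return 0;
}

/* Parse a "-b"-style argument (hypothetical helper) and compute the checked
   allocation size. Returns -1 for malformed, negative, zero, out-of-range
   or overflowing input. */
int parse_bufsize_arg(const char *arg, uint32_t *alloc) {
    char *end;
    unsigned long long v;

    if (arg == NULL || *arg == '\0' || *arg == '-')
        return -1;
    errno = 0;
    v = strtoull(arg, &end, 0);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX)
        return -1;
    return alloc_size_checked((uint32_t)v, alloc);
}

int main(void) {
    uint32_t a = 0;
    /* Constructed sample inputs. */
    printf("unchecked 0x80000000 -> %u\n",
           (unsigned)alloc_size_unchecked(0x80000000u));
    printf("checked \"2147483648\" -> %d\n",
           parse_bufsize_arg("2147483648", &a));
    printf("checked \"8192\" -> %d (alloc %u)\n",
           parse_bufsize_arg("8192", &a), (unsigned)a);
    return 0;
}
```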

Update to version 1.7.3.4:

  • bugfix release, see the CHANGES file for all changes

Update to version 1.7.3.3:

  • bugfix release, see the CHANGES file for all changes

  • We HAVE_SSLv23_*_method, just not as functions but as macros; add the relevant defines in the command line so support for autonegotiation of the highest TLS version is restored.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.6
    zypper in -t patch SUSE-2024-1952=1 openSUSE-SLE-15.6-2024-1952=1
  • Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1952=1

Package List:

  • openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    • socat-debugsource-1.8.0.0-150600.20.3.1
    • socat-1.8.0.0-150600.20.3.1
    • socat-debuginfo-1.8.0.0-150600.20.3.1
    • socat-extra-1.8.0.0-150600.20.3.1
  • Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    • socat-debugsource-1.8.0.0-150600.20.3.1
    • socat-1.8.0.0-150600.20.3.1
    • socat-debuginfo-1.8.0.0-150600.20.3.1
