Mageia Bugzilla – Bug 12469
socat new security issue CVE-2014-0019
Last modified: 2014-02-16 14:44:05 CET
Upstream has announced version 2.0.0-b7, fixing a security issue:
Mageia 3 and Mageia 4 will both need to be updated.
The URL above gives details on how to reproduce the issue, but notes that it cannot always be reliably reproduced.
The default compiler flags used in Mageia may reduce the impact of this flaw.
I've updated it in Cauldron and Mageia 3 SVN, and will update it in Mageia 4 SVN and build the updates after Mageia 4 is released.
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Updated socat package fixes security vulnerability:
Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP
request line, a long target server name (<hostname> in the documentation) in
the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation
requires that the attacker is able to provide the target server name to the
PROXY-CONNECT address in the command line. This can happen, for example, in
scripts that receive data from untrusted sources (CVE-2014-0019).
Updated packages in core/updates_testing:
Testing procedure in https://bugs.mageia.org/show_bug.cgi?id=5986#c4 and next comments.
Testing complete mga3 64 with the procedure here
Testing complete mga3 32
Fedora has issued an advisory for this on January 30:
Testing complete Mageia 4 i586.
I reproduced the security issue using the procedure linked in comment 0, thus I can confirm Mageia 4's package is vulnerable. The second command leads to a buffer overflow error.
After applying the update, the result is:
[akien@localhost ~]$ socat - PROXY-CONNECT:localhost:$(perl -e "print 'A' x 384"):1,proxyport=8080
2014/02/14 22:24:03 socat[6310.3073042176] E _xioopen_proxy_connect(): PROXY CONNECT buffer too small
I suppose this means the update correctly fixes the issue, since the new error is not a buffer overflow.
Tested for regression using the procedure linked in comment 2.
Testing complete Mageia 4 x86_64.
Validating update, advisory uploaded. Please push to 3 & 4 core/updates.
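Added example, not part of the bug thread and not socat's code: a minimal C sketch of the kind of length check the advisory says was missing when the HTTP request line is assembled, failing cleanly like the "buffer too small" error shown after the update. The helper name, the buffer size and the exact request format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REQ_BUFSZ 512   /* assumed size; the page does not state socat's */

/* Hypothetical helper (not socat's function). Assembles
 * "CONNECT <host>:<port> HTTP/1.0\r\n" into out[outsz].
 * Returns the request length, or -1 if it would not fit. */
int build_connect_request(char *out, size_t outsz,
                          const char *host, const char *port)
{
    if (out == NULL || outsz == 0 || host == NULL || port == NULL)
        return -1;

    /* snprintf writes at most outsz bytes and returns the length the
     * complete string would have had, so an over-long host name is
     * detected instead of running past the end of the stack buffer. */
    int n = snprintf(out, outsz, "CONNECT %s:%s HTTP/1.0\r\n", host, port);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';   /* never hand a truncated request to the caller */
        return -1;
    }
    return n;
}

int main(void)
{
    char req[REQ_BUFSZ];
    char longhost[1025];             /* constructed over-long server name */

    memset(longhost, 'A', sizeof longhost - 1);
    longhost[sizeof longhost - 1] = '\0';

    /* Normal case: the request fits and is printed. */
    if (build_connect_request(req, sizeof req, "example.org", "443") > 0)
        fputs(req, stdout);

    /* Over-long name: rejected with an error, nothing is overwritten. */
    if (build_connect_request(req, sizeof req, longhost, "1") < 0)
        fputs("E request buffer too small\n", stderr);

    return 0;
}
```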