Upstream has announced a security issue on January 24:
The issue will be fixed in 2.0.0-b8, which has not been released yet. A CVE identifier has also not been made available yet.
Mageia 4 is also affected.
Steps to Reproduce:
CVE-2015-1379 has been issued:
socat new security issue (possible DoS) =>
socat new security issue CVE-2015-1379
Upstream has finally issued an update for 2.0.0-b8:
Update committed in SVN for Mageia 4 and Cauldron. Freeze push requested.
Updated packages uploaded for Mageia 4 and Cauldron.
Updated socat package fixes security vulnerability:
In socat before 2.0.0-b8, signal handler implementations are not
async-signal-safe and can cause crash or freeze of socat processes. Mostly
this issue occurs when socat is in listening mode with fork option and a
couple of child processes terminate at the same time (CVE-2015-1379).
Updated packages in core/updates_testing:
Works fine for me on Mageia 4 i586.
Validating. Advisory uploaded.
Please push to 4 updates
has_procedure MGA4-32-OK =>
has_procedure advisory MGA4-32-OKCC:
An update for this issue has been pushed to Mageia Updates repository.