Upstream has issued two advisories today (February 1):
http://openwall.com/lists/oss-security/2016/02/01/4
http://openwall.com/lists/oss-security/2016/02/01/5

CVEs weren't specifically requested, but they may be assigned later.

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated socat package fixes security vulnerability:

In socat before 2.0.0-b9, in the OpenSSL address implementation, the hard coded 1024 bit DH p parameter was not prime. It may be possible for an eavesdropper to recover the shared secret from a key exchange.

In socat before 2.0.0-b9, a stack overflow vulnerability was found that can be triggered when command line arguments are longer than 512 bytes. This vulnerability can only be exploited when an attacker is able to inject data into socat's command line.

References:
http://openwall.com/lists/oss-security/2016/02/01/4
http://openwall.com/lists/oss-security/2016/02/01/5
========================

Updated packages in core/updates_testing:
========================
socat-2.0.0-0.b9.1.mga5

from socat-2.0.0-0.b9.1.mga5.src.rpm
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=5986#c4
Whiteboard: (none) => has_procedure
mga5 x86_64 Mate

Tested the b8 version before the update. No crash using the readline test from link in comment #1. As Claire remarked we do not appear to be vulnerable at this version. The remote login test worked fine from one local machine to another.

Updated to socat-2.0.0-0.b9.1.mga5

$ perl -e 'print "\r"."A"x 513' > /tmp/socat-data
$ socat readline exec:'cat /tmp/socat-data'
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$ socat tcp-listen:1111,fork tcp-connect:vega:22
$ ssh lcl@localhost -p 1111
Warning: Permanently added '[localhost]:1111' (RSA) to the list of known hosts.
Password:
Last login: Thu Jan 21 23:52:57 2016 from difda
CC: (none) => tarazed25
Whiteboard: has_procedure => has_procedure MGA5-64-OK
(In reply to David Walser from comment #0)
> Upstream has issued two advisories today (February 1):
> http://openwall.com/lists/oss-security/2016/02/01/4

CVE-2016-2217:
http://openwall.com/lists/oss-security/2016/02/04/1

> http://openwall.com/lists/oss-security/2016/02/01/5

Not likely to receive a CVE:
http://openwall.com/lists/oss-security/2016/02/02/7
Advisory:
========================

Updated socat package fixes security vulnerability:

In socat before 2.0.0-b9, in the OpenSSL address implementation, the hard coded 1024 bit DH p parameter was not prime. It may be possible for an eavesdropper to recover the shared secret from a key exchange (CVE-2016-2217).

In socat before 2.0.0-b9, a stack overflow vulnerability was found that can be triggered when command line arguments are longer than 512 bytes. This vulnerability can only be exploited when an attacker is able to inject data into socat's command line.

References:
http://openwall.com/lists/oss-security/2016/02/01/4
http://openwall.com/lists/oss-security/2016/02/04/1
http://openwall.com/lists/oss-security/2016/02/01/5
Summary: socat new security issues fixed upstream in 2.0.0-b9 => socat new security issues fixed upstream in 2.0.0-b9 (CVE-2016-2217)
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
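The DH advisory above (CVE-2016-2217) comes down to one fact: a hard-coded modulus p was never checked for primality. The script below is an added example, not code from this bug report, from socat or from Mageia. It shows the check a defender can run against any DH parameter file: it parses the PKCS#3 DHParameter structure (SEQUENCE { INTEGER p, INTEGER g }) that "openssl dhparam" writes in PEM, then verifies that p is a probable prime, that it is a safe prime (q = (p-1)/2 is prime as well) and that g lies in (1, p-1). Every parameter value in it is constructed for the demonstration; the actual socat modulus is not on this page. The minimum-size threshold of 2048 bits is an assumption reflecting current practice, not something the advisory states.

```python
# Added example (not from the Mageia bug, socat or Mageia): sanity checks for
# Diffie-Hellman group parameters of the kind CVE-2016-2217 describes, where a
# hard-coded 1024-bit p turned out not to be prime. Parses the PKCS#3
# DHParameter DER/PEM layout and checks p (prime, safe prime, size) and g.
# All sample values are constructed; the 2048-bit floor is an assumption.
import base64
import random

SMALL_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, extra_rounds=32):
    """Miller-Rabin with fixed small bases plus random ones; a composite
    survives all random rounds with probability at most 4**-extra_rounds."""
    if n < 2:
        return False
    for b in SMALL_BASES:          # trial division catches every n <= 40
        if n == b:
            return True
        if n % b == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:              # write n - 1 = 2**r * d with d odd
        d, r = d // 2, r + 1
    bases = list(SMALL_BASES) + [random.randrange(2, n - 1) for _ in range(extra_rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False           # a is a witness: n is composite
    return True

def generate_safe_prime(bits):
    """Random safe prime p = 2q + 1 of exactly `bits` bits (sample use only)."""
    while True:
        q = random.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _der_int(n):
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")  # spare 0x00 keeps it positive
    return b"\x02" + _der_len(len(body)) + body

def encode_dh_params(p, g):
    body = _der_int(p) + _der_int(g)
    return b"\x30" + _der_len(len(body)) + body

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:              # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def parse_dh_params(der):
    tag, seq, _ = _read_tlv(der, 0)
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag != 0x30 or tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("not a DHParameter SEQUENCE of two INTEGERs")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")

def der_to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN DH PARAMETERS-----\n{body}\n-----END DH PARAMETERS-----\n"

def pem_to_der(pem):
    lines = [l.strip() for l in pem.splitlines() if l.strip() and not l.startswith("-----")]
    return base64.b64decode("".join(lines))

def check_dh_group(p, g, min_bits=2048):
    """Return a list of findings; an empty list means the group passed."""
    findings = []
    if not is_probable_prime(p):
        findings.append("p is not prime")
    elif not is_probable_prime((p - 1) // 2):
        findings.append("p is not a safe prime ((p-1)/2 is composite)")
    if p.bit_length() < min_bits:
        findings.append(f"p is only {p.bit_length()} bits")
    if not 1 < g < p - 1:
        findings.append("g is outside (1, p-1)")
    return findings

if __name__ == "__main__":
    # Constructed bad group: a ~1128-bit p that is a product of two primes.
    bad = der_to_pem(encode_dh_params((2**521 - 1) * (2**607 - 1), 2))
    print("constructed non-prime p:", check_dh_group(*parse_dh_params(pem_to_der(bad))))
    good = der_to_pem(encode_dh_params(generate_safe_prime(256), 2))
    print("constructed safe prime:", check_dh_group(*parse_dh_params(pem_to_der(good)), min_bits=256))
```

Run against a real file with `check_dh_group(*parse_dh_params(pem_to_der(open("dhparams.pem").read())))`; a non-empty list is the finding. The safe-prime test matters beyond plain primality: with p = 2q+1 the subgroup structure is known, so a peer cannot be pushed into a tiny subgroup, which is the property the OpenSSL-generated groups socat now ships are meant to have.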
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0053.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/674840/