Bug 33851 - socat new security issue CVE-2024-54661
Summary: socat new security issue CVE-2024-54661
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-12-12 15:49 CET by Nicolas Salguero
Modified: 2024-12-17 20:43 CET (History)
4 users (show)

See Also:
Source RPM: socat-1.8.0.0-1.1.mga9.src.rpm
CVE: CVE-2024-54661
Status comment: Fixed upstream in 1.8.0.2


Attachments

Description Nicolas Salguero 2024-12-12 15:49:01 CET
SUSE has issued an advisory on December 11:
https://lists.suse.com/pipermail/sle-security-updates/2024-December/019988.html
Nicolas Salguero 2024-12-12 15:50:10 CET

CVE: (none) => CVE-2024-54661
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 1.8.0.2
Source RPM: (none) => socat-1.8.0.0-1.1.mga9.src.rpm

Comment 1 David GEIGER 2024-12-12 18:23:08 CET
Assigning to QA,

Packages in 9/Core/Updates_testing:
======================
socat-1.8.0.2-1.mga9

From SRPMS
socat-1.8.0.2-1.mga9.src.rpm

CC: (none) => geiger.david68210
Assignee: bugsquad => qa-bugs
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9

katnatek 2024-12-12 23:26:27 CET

Keywords: (none) => advisory

Comment 2 Herman Viaene 2024-12-13 11:48:20 CET
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues
Ref bug 5986 for testing
# perl -e 'print "\r"."A"x 513' </tmp/socat-data socat readline exec:'cat /tmp/socat-data'
-bash: /tmp/socat-data: No such file or directory
# touch /tmp/socat-data
# perl -e 'print "\r"."A"x 513' </tmp/socat-data socat readline exec:'cat /tmp/socat-data'
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
and 
on this laptop
$ socat tcp-listen:1111,fork tcp-connect:<desktop>:22
is waiting
and on desktop
ssh -p 1111 <user>@<laptop>
Asks for password, OK.
So OK fdor me.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

Comment 3 katnatek 2024-12-13 21:04:15 CET
RH x86_64

installing socat-1.8.0.2-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: socat                 ##################################################################################################
      1/1: removing socat-1:1.8.0.0-1.1.mga9.x86_64
                                 ##################################################################################################


nheko still works and socat is a require fir nheko so I think is working

CC: (none) => andrewsfarm

Comment 4 Thomas Andrews 2024-12-17 17:57:52 CET
Validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 5 Mageia Robot 2024-12-17 20:43:08 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0390.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.