From ${URL} :

Socat security advisory - FD leak

Overview
  Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode.

Vulnerability Id: CVE-2013-3571

Details
  The issue occurs when a vulnerable version of socat is invoked with a listen type address with option fork and one or more of the options sourceport, lowport, range, or tcpwrap. When socat refuses a client connection due to one of these address or port restrictions it does shutdown() the socket but does not close() it, resulting in a file descriptor leak in the listening process, visible with command lsof and possibly resulting in error EMFILE "Too many open files".

Testcase
  In one terminal run the server:

    socat -d tcp-listen:10000,reuseaddr,fork,range=0.0.0.0/32 pipe

  In a second terminal see which FDs are open, then connect (implicitly using a forbidden address), and check if there is a new FD open, e.g.:

    lsof -p $(pgrep socat)
    socat /dev/null tcp:localhost:10000
    lsof -p $(pgrep socat)

  If the second lsof shows an additional FD as in the following line, this socat version is vulnerable:

    socat 17947 gerhard 4u sock 0,6 0t0 1145265 can't identify protocol

Workaround
  Use IP filters in your OS or firewall. Restart socat when it crashed.

Affected versions
  1.2.0.0 - 1.7.2.1
  2.0.0-b1 - 2.0.0-b5

Not affected or corrected versions
  1.0.0.0 - 1.1.0.1
  1.7.2.2 and later
  2.0.0-b6 and later

Download
  The updated sources can be downloaded from:
    http://www.dest-unreach.org/socat/download/socat-1.7.2.2.tar.gz
    http://www.dest-unreach.org/socat/download/socat-2.0.0-b6.tar.gz
  Patch to 1.7.2.1:
    http://www.dest-unreach.org/socat/download/socat-1.7.2.2.patch.gz
  Patch to 2.0.0-b5:
    http://www.dest-unreach.org/socat/download/socat-2.0.0-b6.patch.gz

Credits
  Full credits to Catalin Mitrofan for finding and reporting this issue.

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
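The bug class the advisory describes, as an added example that is not socat's code and not part of the original report: a listener that refuses clients with shutdown() alone keeps one descriptor per refusal, while adding close() keeps the count flat. The function names are hypothetical, and the listener and its clients share one process on a loopback port chosen by the kernel.

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Count descriptors open in this process (the set lsof -p would list). */
static int count_open_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 1024; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Refuse an accepted client. fixed=0 is the leaking pattern (shutdown()
 * only); fixed=1 also calls close(), which is what releases the FD. */
static void refuse_client(int conn, int fixed) {
    shutdown(conn, SHUT_RDWR);  /* ends the connection, FD stays allocated */
    if (fixed) close(conn);
}

/* Accept and refuse `clients` loopback connections; return the number of
 * descriptors left behind in the listening process, or -1 on setup error. */
int leaked_fds_after_refusals(int clients, int fixed) {
    struct sockaddr_in sa = {0};           /* sin_port 0: kernel picks a port */
    socklen_t len = sizeof sa;
    int lsn = socket(AF_INET, SOCK_STREAM, 0);
    if (lsn < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(lsn, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(lsn, 16) < 0 ||
        getsockname(lsn, (struct sockaddr *)&sa, &len) < 0) { close(lsn); return -1; }
    int before = count_open_fds();
    for (int i = 0; i < clients; i++) {
        int cli = socket(AF_INET, SOCK_STREAM, 0);
        if (cli < 0) break;
        if (connect(cli, (struct sockaddr *)&sa, sizeof sa) == 0) {
            int conn = accept(lsn, NULL, NULL);
            if (conn >= 0) refuse_client(conn, fixed);
        }
        close(cli);
    }
    int leaked = count_open_fds() - before;
    close(lsn);
    return leaked;
}

int main(void) {
    printf("shutdown() only:      %d FDs leaked\n", leaked_fds_after_refusals(8, 0));
    printf("shutdown() + close(): %d FDs leaked\n", leaked_fds_after_refusals(8, 1));
    return 0;
}
```

In a long-running listener the leaked count grows with every refused client until the process reaches its RLIMIT_NOFILE limit and accept() fails with EMFILE.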
Arch teams, please test and mark stable:
=net-misc/socat-1.7.2.2
Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc sparc x86
Stable for HPPA.
arm stable
 * QA Notice: Package triggers severe warnings which indicate that it
 * may exhibit random runtime failures.
 * xio-ip6.c:233:7: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 * filan.c:617:7: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 * filan.c:617:7: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 * filan.c:630:3: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 * filan.c:633:3: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 * filan.c:635:3: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 * filan.c:638:4: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 * filan.c:909:7: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 * filan.c:911:7: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

I took a look into the code, it seems that all of these are debug printf's with improper casts, so this should be fine, I guess.

Other than that, amd64: ok
amd64 stable, thanks to Tomáš Pružina
x86 stable
alpha stable
ia64 stable
ppc stable
sparc stable
GLSA vote: no.
GLSA vote: no
Closing as noglsa