Summary: | <net-misc/socat-1.7.2.3 - PROXY-CONNECT address overflow (CVE-2014-0019) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1057746 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-01-29 09:34:49 UTC
Arch teams, please test and mark stable:
=net-misc/socat-1.7.2.3
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc sparc x86

Don't worry too much about failing tests. Don't file a bug report about it (we have bug #277104 and bug #294586 already).

Stable for HPPA.

(In reply to Jeroen Roovers from comment #1)
> Arch teams, please test and mark stable:
> =net-misc/socat-1.7.2.3
> Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc sparc x86
>
> Don't worry too much about failing tests. Don't file a bug report about it
> (we have bug #277104 and bug #294586 already).

You can avoid mentioning the masked version(s) in the summary.

amd64 stable

x86 stable

ppc stable

sparc stable

CVE-2014-0019 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0019):
Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.

alpha stable

ia64 stable

arm stable. Maintainer(s), please cleanup. Security, please vote.

Thanks for your work, cleanup was done by Jeroen.

GLSA vote: no

GLSA vote: no. Closing as [noglsa]