In the OpenSSL address implementation the hard coded 1024 bit DH p parameter was not prime. The effective cryptographic strength of a key exchange using these parameters was weaker than the one one could get by using a prime p. Moreover, since there is no indication of how these parameters were chosen, the existence of a trapdoor that makes it possible for an eavesdropper to recover the shared secret from a key exchange that uses them cannot be ruled out.
A new prime modulus p parameter has been generated by the Socat developer using the OpenSSL dhparam command.
In addition the new parameter is 2048 bits long.
A stack overflow vulnerability was found that can be triggered when command line arguments (complete address specifications, host names, file names) are longer than 512 bytes.
Successful exploitation might allow an attacker to execute arbitrary code with the privileges of the socat process.
This vulnerability can only be exploited when an attacker is able to inject data into socat's command line.
A vulnerable scenario would be a CGI script that reads data from clients and uses (parts of) this data as hostname for a Socat invocation.
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc sparc x86
Stable for HPPA.
Stable on alpha.
I've done the rest now.
New GLSA created.
This issue was resolved and addressed in
GLSA 201612-23 at https://security.gentoo.org/glsa/201612-23
by GLSA coordinator Aaron Bauman (b-man).