2012/05/14: A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process (advisory). Fixed versions are 220.127.116.11 and 2.0.0-b5. Patches are available in the download area.
Arch teams, please test and mark stable:
Target KEYWORDS="alpha amd64 arm hppa ia64 ppc sparc x86"
Stable for HPPA.
Stable on alpha.
Heap-based buffer overflow in the xioscan_readline function in
xio-readline.c in socat 18.104.22.168 through 22.214.171.124 and 2.0.0-b1 through
2.0.0-b4 allows local users to execute arbitrary code via the READLINE
got ppc stabled by Brent on May 21th
Filing a new GLSA request.
This issue was resolved and addressed in
GLSA 201208-01 at http://security.gentoo.org/glsa/glsa-201208-01.xml
by GLSA coordinator Sean Amoss (ackle).