Support / Security / Advisories / Mandriva Enterprise Server 5 / MDVSA-2010:183

Package name: socat
Date: 2010-09-15
Advisory ID: MDVSA-2010:183
Affected versions: MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in socat:

Stack-based buffer overflow in the nestlex function in nestlex.c
in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3,
when bidirectional data relay is enabled, allows context-dependent
attackers to execute arbitrary code via long command-line arguments
(CVE-2010-2799).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 986897a5455fe890db28a865d841c898  mes5/i586/socat-1.6.0.0-4.1mdvmes5.1.i586.rpm 
 b0eeb05a0aa40689073b90d2ad9c0c52  mes5/SRPMS/socat-1.6.0.0-4.1mdvmes5.1.src.rpm

MES5 x86_64

 a945969d69509c99a7433c3077c245de  mes5/x86_64/socat-1.6.0.0-4.1mdvmes5.1.x86_64.rpm 
 b0eeb05a0aa40689073b90d2ad9c0c52  mes5/SRPMS/socat-1.6.0.0-4.1mdvmes5.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2799