Updated socat package fixes security vulnerabilityPublication date: 16 Feb 2014
Affected Mageia releases : 3 , 4
Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name (
in the documentation) in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen, for example, in scripts that receive data from untrusted sources (CVE-2014-0019).