Advisories » MGASA-2015-0144

Updated socat packages fix CVE-2015-1379

Publication date: 15 Apr 2015
Modification date: 15 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1379

Description

Updated socat package fixes security vulnerability:

In socat before 2.0.0-b8, signal handler implementations are not
async-signal-safe and can cause crash or freeze of socat processes. Mostly
this issue occurs when socat is in listening mode with fork option and a
couple of child processes terminate at the same time (CVE-2015-1379).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15131
• http://openwall.com/lists/oss-security/2015/04/06/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1379

SRPMS

4/core

• socat-2.0.0-0.b8.1.mga4