Lucene search

Gentoo FoundationMGASA-2015-0144

HistoryApr 15, 2015 - 12:01 p.m.

Updated socat packages fix CVE-2015-1379

2015-04-1512:01:28

Gentoo Foundation

advisories.mageia.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.007 Low

EPSS

Percentile

80.4%

JSON

Updated socat package fixes security vulnerability: In socat before 2.0.0-b8, signal handler implementations are not async-signal-safe and can cause crash or freeze of socat processes. Mostly this issue occurs when socat is in listening mode with fork option and a couple of child processes terminate at the same time (CVE-2015-1379).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchsocat< 2.0.0-0.b8.1socat-2.0.0-0.b8.1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	socat	< 2.0.0-0.b8.1	socat-2.0.0-0.b8.1.mga4

References

openwall.com/lists/oss-security/2015/04/06/4

bugs.mageia.org/show_bug.cgi?id=15131

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for MGASA-2015-0144