author | leot <leot@pkgsrc.org> | 2016-02-02 16:08:01 +0000 |
---|---|---|
committer | leot <leot@pkgsrc.org> | 2016-02-02 16:08:01 +0000 |
commit | 8d625255b3c640d811e5bad986c0e5ddf5e97a3f (patch) | |
tree | 3fcf25e55ac9c07d7755c0e4dfacf33c09460a55 /net | |
parent | c996e33e37e271d0e9e657ba771c3397791c2eba (diff) | |
download | pkgsrc-8d625255b3c640d811e5bad986c0e5ddf5e97a3f.tar.gz |
Update net/socat to 1.7.3.1.
Changes:
####################### V 1.7.3.1:
security:
Socat security advisory 8
A stack overflow vulnerability was found that can be triggered when
command line arguments (complete address specifications, host names,
file names) are longer than 512 bytes.
Successful exploitation might allow an attacker to execute arbitrary
code with the privileges of the socat process.
This vulnerability can only be exploited when an attacker is able to
inject data into socat's command line.
A vulnerable scenario would be a CGI script that reads data from clients
and uses (parts of) this data as hostname for a Socat invocation.
Test: NESTEDOVFL
Credits to Takumi Akiyama for finding and reporting this issue.
Socat security advisory 7
MSVR-1499
In the OpenSSL address implementation the hard coded 1024 bit DH p
parameter was not prime. The effective cryptographic strength of a key
exchange using these parameters was weaker than the one one could get by
using a prime p. Moreover, since there is no indication of how these
parameters were chosen, the existence of a trapdoor that makes it possible
for an eavesdropper to recover the shared secret from a key exchange
that uses them cannot be ruled out.
Furthermore, 1024bit is not considered sufficiently secure.
Fix: generated a new 2048bit prime.
Thanks to Santiago Zanella-Beguelin and Microsoft Vulnerability
Research (MSVR) for finding and reporting this issue.
Diffstat (limited to 'net')
-rw-r--r-- | net/socat/Makefile | 4 | ||||
-rw-r--r-- | net/socat/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/net/socat/Makefile b/net/socat/Makefile index 3f5f1d15093..c646314d047 100644 --- a/net/socat/Makefile +++ b/net/socat/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.35 2015/07/25 14:43:23 bsiegert Exp $ +# $NetBSD: Makefile,v 1.36 2016/02/02 16:08:01 leot Exp $ -DISTNAME= socat-1.7.3.0 +DISTNAME= socat-1.7.3.1 CATEGORIES= net MASTER_SITES= http://www.dest-unreach.org/socat/download/ diff --git a/net/socat/distinfo b/net/socat/distinfo index 6d93ecf59a0..9d1306a0037 100644 --- a/net/socat/distinfo +++ b/net/socat/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.22 2015/11/04 00:35:37 agc Exp $ +$NetBSD: distinfo,v 1.23 2016/02/02 16:08:01 leot Exp $ -SHA1 (socat-1.7.3.0.tar.gz) = c09ec6539647cebe8fccdfcf0f1ace1243231ec3 -RMD160 (socat-1.7.3.0.tar.gz) = 574d55611cc8ab1dfa7941e133c882893d72785d -SHA512 (socat-1.7.3.0.tar.gz) = 886c486cc2e934ae00d85064d3f5261da8acd7ab3b4848e3990d9cd6fdc805fe1f862dd18327c1c4d67a63f8708086814c0809c015797ee0494801f251e22014 -Size (socat-1.7.3.0.tar.gz) = 601022 bytes +SHA1 (socat-1.7.3.1.tar.gz) = a6f1d8ab3e85f565dbe172f33a9be6708dd52ffb +RMD160 (socat-1.7.3.1.tar.gz) = 471f7edfad9610ca4a164030796f0706636b059f +SHA512 (socat-1.7.3.1.tar.gz) = a2a550cd02982befdd9d410e510546e7a875c01b0d8ea27d949868fbe3cbbf1b126e96080b186956ae51a3b445f7702688465dc97cde75f6a858759a99622e75 +Size (socat-1.7.3.1.tar.gz) = 606049 bytes SHA1 (patch-mytypes.h) = 94df5a47f7fbadf867e0994edeeb857b467021df |
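
Review bot: MASTER_SITES, in the unchanged context of the net/socat/Makefile hunk, still points at plain http://www.dest-unreach.org/socat/download/, so the 1.7.3.1 distfile for this security update is fetched over an unauthenticated channel and the distinfo checksums are the only integrity check. Consider switching to https if upstream serves it, or state in the commit message how the tarball was authenticated before the checksums were regenerated.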
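
Review bot: The SHA1 (patch-mytypes.h) line at the end of the net/socat/distinfo hunk is carried over unchanged, which assumes the local patch still applies to 1.7.3.1. Please confirm that it applies cleanly against the new release and is still needed, since the commit message only lists the upstream changes and does not mention the local patch.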