socat: address CVE-2024-54661 #11729

Open: wants to merge 1 commit into base: fasttrack/3.0
37 changes: 37 additions & 0 deletions SPECS/socat/CVE-2024-54661.patch
@@ -0,0 +1,37 @@
From be474a81dc2d9010ac16f9690f97cf7ff68b36d7 Mon Sep 17 00:00:00 2001
From: Muhammad Falak R Wani <[email protected]>
Date: Sun, 29 Dec 2024 17:47:45 +0530
Subject: [PATCH] CVE-2024-54661: Arbitrary file overwrite in readline.sh

Link: https://repo.or.cz/socat.git/commit/4ee1f31cf80019c5907876576d6dfd49368d660f
Author: Gerhard Rieger <[email protected]>
Signed-off-by: Muhammad Falak R Wani <[email protected]>
---
readline.sh | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/readline.sh b/readline.sh
index b6f8438..1045303 100755
--- a/readline.sh
+++ b/readline.sh
@@ -22,9 +22,15 @@ if [ "$withhistfile" ]; then
else
HISTOPT=
fi
-mkdir -p /tmp/$USER || exit 1
#
#

-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2
+if test -w .; then
+ STDERR=./socat-readline.${1##*/}.log
+ rm -f $STDERR
+else
+ STDERR=/dev/null
+fi
+
+exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR

--
2.40.1
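Review bot: in the added block `$STDERR` is expanded unquoted in `rm -f $STDERR` and `2>$STDERR`; because the name is built from `${1##*/}`, an argument containing spaces or glob characters would be word-split or globbed at that point. Suggest `rm -f "$STDERR"` and `2>"$STDERR"`. Otherwise the change does what the subject line says: the fixed path under /tmp/$USER is gone, the log is written only into a directory the caller already owns (`test -w .`) and otherwise discarded to /dev/null, which is the right trust boundary for a helper script. The two empty `#` comment lines kept above the block would be a good place to record why the shared temp directory is no longer used, so the next reader does not reintroduce it.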

8 changes: 6 additions & 2 deletions SPECS/socat/socat.spec
@@ -1,19 +1,20 @@
Summary: Multipurpose relay (SOcket CAT)
Name: socat
Version: 1.7.4.4
Release: 1%{?dist}
Release: 2%{?dist}
License: GPL2
Vendor: Microsoft Corporation
Distribution: Azure Linux
Group: Applications/Internet
URL: http://www.dest-unreach.org/socat
Source0: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz
Patch0: CVE-2024-54661.patch

%description
Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. Because the streams can be constructed from a large set of different types of data sinks and sources (see address types), and because lots of address options may be applied to the streams, socat can be used for many different purposes.

%prep
%setup -q
%autosetup -p1

%build
./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir}
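Review bot: `%autosetup -p1` replacing `%setup -q` is what actually applies `Patch0`, and `-p1` matches the `a/readline.sh` / `b/readline.sh` prefixes used inside CVE-2024-54661.patch, so the prep section is consistent. The Release bump to `2%{?dist}` matches the new changelog entry. One small point: the spec references the patch only by file name, and the pointer to the upstream commit lives solely in the patch's `Link:` trailer; a short comment on the `Patch0:` line citing that commit would help anyone auditing this package later.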
@@ -36,6 +37,9 @@ make %{?_smp_mflags} test
%{_mandir}/man1/*

%changelog
* Sun Dec 29 2024 Muhammad Falak <[email protected]> - 1.7.4.4-2
- Patch CVE-2024-54661

* Fri Oct 27 2023 CBL-Mariner Servicing Account <[email protected]> - 1.7.4.4-1
- Auto-upgrade to 1.7.4.4 - Azure Linux 3.0 - package upgrades

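Review bot: the changelog entry `- Patch CVE-2024-54661` records what was done but not what changed; since the fix alters where readline.sh writes its stderr log (the current directory when writable, otherwise /dev/null, instead of a fixed path under /tmp/$USER), a one-line summary such as `- Patch CVE-2024-54661: readline.sh no longer writes its log to a fixed path under /tmp` would make the servicing history self-explanatory. The version-release `1.7.4.4-2` matches the Release line above.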