-
Notifications
You must be signed in to change notification settings - Fork 563
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
socat: address CVE-2024-54661 (#11729)
Signed-off-by: Muhammad Falak R Wani <[email protected]> Co-authored-by: Sam Meluch <[email protected]> Co-authored-by: jslobodzian <[email protected]>
- Loading branch information
3 people
authored
Jan 10, 2025
1 parent
aeb030f
commit 3f92114
Showing
2 changed files
with
43 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| From be474a81dc2d9010ac16f9690f97cf7ff68b36d7 Mon Sep 17 00:00:00 2001 | ||
| From: Muhammad Falak R Wani <[email protected]> | ||
| Date: Sun, 29 Dec 2024 17:47:45 +0530 | ||
| Subject: [PATCH] CVE-2024-54661: Arbitrary file overwrite in readline.sh | ||
|
|
||
| Link: https://repo.or.cz/socat.git/commit/4ee1f31cf80019c5907876576d6dfd49368d660f | ||
| Author: Gerhard Rieger <[email protected]> | ||
| Signed-off-by: Muhammad Falak R Wani <[email protected]> | ||
| --- | ||
| readline.sh | 10 ++++++++-- | ||
| 1 file changed, 8 insertions(+), 2 deletions(-) | ||
|
|
||
| diff --git a/readline.sh b/readline.sh | ||
| index b6f8438..1045303 100755 | ||
| --- a/readline.sh | ||
| +++ b/readline.sh | ||
| @@ -22,9 +22,15 @@ if [ "$withhistfile" ]; then | ||
| else | ||
| HISTOPT= | ||
| fi | ||
| -mkdir -p /tmp/$USER || exit 1 | ||
| # | ||
| # | ||
|
|
||
| -exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2 | ||
| +if test -w .; then | ||
| + STDERR=./socat-readline.${1##*/}.log | ||
| + rm -f $STDERR | ||
| +else | ||
| + STDERR=/dev/null | ||
| +fi | ||
| + | ||
| +exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR | ||
|
|
||
| -- | ||
| 2.40.1 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,19 +1,20 @@ | ||
| Summary: Multipurpose relay (SOcket CAT) | ||
| Name: socat | ||
| Version: 1.7.4.4 | ||
| Release: 1%{?dist} | ||
| Release: 2%{?dist} | ||
| License: GPL2 | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Azure Linux | ||
| Group: Applications/Internet | ||
| URL: http://www.dest-unreach.org/socat | ||
| Source0: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz | ||
| Patch0: CVE-2024-54661.patch | ||
|
|
||
| %description | ||
| Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. Because the streams can be constructed from a large set of different types of data sinks and sources (see address types), and because lots of address options may be applied to the streams, socat can be used for many different purposes. | ||
|
|
||
| %prep | ||
| %setup -q | ||
| %autosetup -p1 | ||
|
|
||
| %build | ||
| ./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir} | ||
|
|
@@ -36,6 +37,9 @@ make %{?_smp_mflags} test | |
| %{_mandir}/man1/* | ||
|
|
||
| %changelog | ||
| * Sun Dec 29 2024 Muhammad Falak <[email protected]> - 1.7.4.4-2 | ||
| - Patch CVE-2024-54661 | ||
|
|
||
| * Fri Oct 27 2023 CBL-Mariner Servicing Account <[email protected]> - 1.7.4.4-1 | ||
| - Auto-upgrade to 1.7.4.4 - Azure Linux 3.0 - package upgrades | ||
|
|
||
|
|
||