ALAS-2012-087

Amazon Linux 1 Security Advisory: ALAS-2012-87
Advisory Release Date: 2012-06-11 10:28 Pacific
Advisory Updated Date: 2014-09-14 16:19 Pacific

Severity: Medium

References: CVE-2012-0219
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.

Affected Packages:

socat

Issue Correction:
Run yum update socat to update your system.

New Packages:

i686:
    socat-debuginfo-1.7.2.1-1.6.amzn1.i686
    socat-1.7.2.1-1.6.amzn1.i686

src:
    socat-1.7.2.1-1.6.amzn1.src

x86_64:
    socat-1.7.2.1-1.6.amzn1.x86_64
    socat-debuginfo-1.7.2.1-1.6.amzn1.x86_64

Additional References

Red Hat: CVE-2012-0219

Mitre: CVE-2012-0219