From: Sudhir Dumbhare <[email protected]> According to [1]: this upgrade includes the fix for Socat security advisory 10, CVE-2026-56123. The issue is a possible heap overflow in the SOCKS5 client code that can be triggered by connecting to a malicious SOCKS5 server with knowledge of details about the client binary code. It also introduced Test: SOCKS5_OVERFL as well.
Version 1.8.1.3 also fixes a false positive in the SOCKS5_OVERFL regression test on platforms with a non-bash default shell. [1] http://www.dest-unreach.org/socat/CHANGES [2] https://nvd.nist.gov/vuln/detail/CVE-2026-56123 Signed-off-by: Sudhir Dumbhare <[email protected]> --- .../socat/{socat_1.8.1.1.bb => socat_1.8.1.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/socat/{socat_1.8.1.1.bb => socat_1.8.1.3.bb} (94%) diff --git a/meta/recipes-connectivity/socat/socat_1.8.1.1.bb b/meta/recipes-connectivity/socat/socat_1.8.1.3.bb similarity index 94% rename from meta/recipes-connectivity/socat/socat_1.8.1.1.bb rename to meta/recipes-connectivity/socat/socat_1.8.1.3.bb index e662c79a75..636c75b117 100644 --- a/meta/recipes-connectivity/socat/socat_1.8.1.1.bb +++ b/meta/recipes-connectivity/socat/socat_1.8.1.3.bb @@ -13,7 +13,7 @@ SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ file://0001-fix-compile-procan.c-failed.patch \ " -SRC_URI[sha256sum] = "5ebc636b7f427053f98806696521653a614c7e06464910353cbf54e2327adc1b" +SRC_URI[sha256sum] = "25bc6476292b2e614220989c77b0b6fca87bb2525d9747b31a6639b1fb602418" inherit autotools -- 2.51.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#240524): https://lists.openembedded.org/g/openembedded-core/message/240524 Mute This Topic: https://lists.openembedded.org/mt/120185959/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
