[security] Updated: socat and 2.0.0b4-1

Andrew Schulman schulman.andrew@epamail.epa.gov
Mon Oct 24 14:54:00 GMT 2011

Two new versions of socat, and 2.0.0b4-1, are now available in the
Cygwin distribution.  

These releases both include a security fix for a stack overflow vulnerability.
Please see the upstream advisory at
http://www.dest-unreach.org/socat/contrib/socat-secadv2.html for details.

All socat users are encouraged to upgrade.  The previous Cygwin releases, and 2.0.0b3-1, have been removed from the archive.

socat is a relay for bidirectional data transfer between two independent data
channels. Each of these data channels may be a file, pipe, device (serial line
etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL
socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line
editor (readline), a program, or a combination of two of these. These modes
include generation of 'listening' sockets, named pipes, and pseudo terminals.
socat can be used, e.g., as TCP port forwarder (one-shot or daemon), as an
external socksifier, for attacking weak firewalls, as a shell interface to UNIX
sockets, IP6 relay, for redirecting TCP oriented programs to a serial line, to
logically connect serial lines on different computers, or to establish a
relatively secure environment (su and chroot) for running client or server shell
scripts with network connections.

Home page: http://www.dest-unreach.org/socat/

Andrew E. Schulman


To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.


If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:


If you need more information on unsubscribing, start reading here: 


Please read *all* of the information on unsubscribing that is available
starting at this URL.

More information about the Cygwin-announce mailing list