Fedora: 2019-2a16e1ab93 Critical: radare2 Double Free And DoS Issues

July 29, 2019
CentOS System Alert for radare2 brings vital patches and improves functionalities for fortified security performance.
Rebase to radare2 3.6.0 and fix CVE-2019-12790, CVE-2019-12802 and CVE-2019-12865 and rebase cutter to 1.8.3.

Summary

radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and function levels.

Change Log

* Wed Jun 26 2019 Riccardo Schirone - 3.6.0
- rebase to upstream version 3.6.0

* Tue Apr 16 2019 Adam Williamson - 3.4.1-2
- Rebuild with Meson fix for #1699099
- Fix versioning

* Mon Apr 8 2019 Riccardo Schirone - 3.4.1-1
- rebase to upstream version 3.4.1

References

[ 1 ] Bug #1725676 - CVE-2019-12865 radare2: double free in cmd_mount in libr/core/cmd_mount.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725676

[ 2 ] Bug #1722733 - CVE-2019-12802 radare2: denial of service in function rcc_context in /libr/egg/egg_lang.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1722733

[ 3 ] Bug #1723354 - CVE-2019-12790 radare2: heap-based buffer over-read in function r_egg_lang_parsechar in egg_lang.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1723354

Update Instructions

To install this update, use su -c 'dnf upgrade --advisory FEDORA-2019-2a16e1ab93' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Severity: critical

Product: Fedora 30
Version: 3.6.0
Release: 1.fc30
Summary: The reverse engineering framework
