Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 30: FEDORA-2019-b3de19c346 moderate: radare2 Command Injection

fedora
Calendar Grey October 11, 2019
Dist Fedora Esm H88
Update radare2 on Fedora to address the command injection vulnerability that has been resolved in version 3.9.0 for improved security and performance
- Rebase radare2 to 3.9.0 - Rebase cutter-re to 1.9.0 - fix CVE-2019-14745 in radare2 on F30

Summary

The radare2 is a reverse-engineering framework that is multi-architecture,

multi-platform, and highly scriptable. Radare2 provides a hexadecimal

editor, wrapped I/O, file system support, debugger support, diffing

between two functions or binaries, and code analysis at opcode,

basic block, and function levels.

- Rebase radare2 to 3.9.0 - Rebase cutter-re to 1.9.0 - fix CVE-2019-14745 in

radare2 on F30

* Mon Sep 30 2019 Riccardo Schirone - 3.9.0-1.1

- rebase to upstream version 3.9.0

* Fri Jul 26 2019 Fedora Release Engineering - 3.6.0-1.1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Wed Jun 26 2019 Riccardo Schirone - 3.6.0

- rebase to upstream version 3.6.0

* Tue Apr 16 2019 Adam Williamson - 3.4.1-2

- Rebuild with Meson fix for #1699099

- Fix versioning

* Mon Apr 8 2019 Riccardo Schirone - 3.4.1-1

- rebase to upstream version 3.4.1

[ 1 ] Bug #1709298 - radare2-3.9.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1709298

[ 2 ] Bug #1756377 - CVE-2019-14745 radare2: a command injection vulnerability in bin_symbols() in libr/core/cbin.c leads to arbitrary code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1756377

su -c 'dnf upgrade --advisory FEDORA-2019-b3de19c346' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora arbitrary code execution command injection radare2

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 3.9.0
Release: 1.fc30.1
URL: https://radare.org/
Summary: The reverse engineering framework

Topics%20covered

Topics Covered

security advisory Fedora arbitrary code execution command injection radare2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here