Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Fedora 31: Security Advisory on Radare2 4.2.1 Critical DoS Threat

fedora
Calendar Grey February 13, 2020
Dist Fedora Esm H88
The update to radare2-4.2.1 addresses security vulnerabilities in Fedora 31. Upgrade today to enhance your system's security!
Rebase to radare2-4.2.1 and cutter-re 1.10.1

Summary

The radare2 is a reverse-engineering framework that is multi-architecture,

multi-platform, and highly scriptable. Radare2 provides a hexadecimal

editor, wrapped I/O, file system support, debugger support, diffing

between two functions or binaries, and code analysis at opcode,

basic block, and function levels.

Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and

CVE-2019-19547. It also fix a problem in cutter-re that did not display the

window icon on Wayland.

* Wed Feb 5 2020 Riccardo Schirone - 4.2.1-2

- Rebuild for new cutter

* Mon Feb 3 2020 Riccardo Schirone - 4.2.1-1

- Rebase to upstream version 4.2.1

- Fix CVE-2019-19647

- Fix CVE-2019-19590

* Thu Jan 30 2020 Fedora Release Engineering - 3.9.0-3.2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Mon Oct 7 2019 Riccardo Schirone - 3.9.0-3.1

- Fix epel7 build

* Fri Oct 4 2019 Ivan Mironov - 3.9.0-2.1

- Add missing BuildRequires: xxhash-devel, openssl-devel

- Add missing Requires for -devel package: file-devel, openssl-devel

[ 1 ] Bug #1795157 - CVE-2019-19590 radare2: integer overflow in for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1795157

[ 2 ] Bug #1783453 - CVE-2019-19647 radare2: improper variable validation in r_asm_pseudo_incbin in libr/asm/asm.c leads to DoS [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1783453

su -c 'dnf upgrade --advisory FEDORA-2020-acd8cdb08d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora DoS integer overflow radare2

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 31
Version: 4.2.1
Release: 2.fc31
URL: https://radare.org/
Summary: The reverse engineering framework

Topics%20covered

Topics Covered

security advisory Fedora DoS integer overflow radare2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here