Fedora: 2022-7db9e7bb5b Critical: Multiple Issues in Radare2
fedora
March 11, 2022
Bugfix release
Summary
The radare2 is a reverse-engineering framework that is multi-architecture,
multi-platform, and highly scriptable. Radare2 provides a hexadecimal
editor, wrapped I/O, file system support, debugger support, diffing
between two functions or binaries, and code analysis at opcode,
basic block, and function levels.
Bugfix release. fixes CVE-2022-0518 2055256, 2055130 - org/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa fixes CVE-2022-0519
2055103, 2055104 - 0a33ecddcb37becea685dd5 fixes CVE-2022-0520 2055145, 2055146 - https://github.com/
m/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8 fixes
CVE-2022-0521 2055043, 2055044 - 428f018d385fc80a33ecddcb37becea685dd5 fixes CVE-2022-0522 2055029, 2055030 - htt
ps://github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d
6 fixes CVE-2022-0523 2055152, 2055153 - mmit/35482cb760db10f87a62569e2f8872dbd95e9269 fixes CVE-2022-0559 2055256.
2055257 - cc94a362807f5e fixes CVE-2022-0676 2056758, 2056759 - rg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6 fixes CVE-2022-0712
2057173, 2057174, 2057175, 2057176 - /515e592b9bea0612bc63d8e93239ff35bcf645c7 fixes CVE-2022-0713 2057707, 2057708,
2057709, 2057710 - f09330e92e5a213014e46a1 fixes CVE-2022-0476 2057712, 2057713, 2057714, 2057715 -9f1b fixes CVE-2022-0695 2058522, 2058523, 2058525 - g/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf
* Mon Feb 28 2022 Michal Ambroz
- bump to 5.6.4
[ 1 ] Bug #2054856 - radare2-5.6.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2054856
[ 2 ] Bug #2055029 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055029
[ 3 ] Bug #2055030 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055030
[ 4 ] Bug #2055043 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055043
[ 5 ] Bug #2055044 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055044
[ 6 ] Bug #2055103 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055103
[ 7 ] Bug #2055104 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055104
[ 8 ] Bug #2055129 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055129
[ 9 ] Bug #2055130 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055130
[ 10 ] Bug #2055145 - CVE-2022-0520 radare2: Use After Free in radare [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055145
[ 11 ] Bug #2055146 - CVE-2022-0520 radare2: Use After Free in radare [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055146
[ 12 ] Bug #2055152 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055152
[ 13 ] Bug #2055153 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055153
[ 14 ] Bug #2055256 - CVE-2022-0559 radare2: Use After Free in radare2 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055256
[ 15 ] Bug #2055257 - CVE-2022-0559 radare2: Use After Free in radare2 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055257
[ 16 ] Bug #2056758 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2056758
[ 17 ] Bug #2056759 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2056759
[ 18 ] Bug #2057173 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2057173
[ 19 ] Bug #2057174 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2057174
[ 20 ] Bug #2057175 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [fedora-34]
https://bugzilla.redhat.com/show_bug.cgi?id=2057175
su -c 'dnf upgrade --advisory FEDORA-2022-7db9e7bb5b' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Topics Covered
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Product: Fedora 35
Version: 5.6.4
Release: 1.fc35
URL: https://radare.org/
Summary: The reverse engineering framework
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!