--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2022-7db9e7bb5b
2022-03-11 14:43:31.710672
--------------------------------------------------------------------------------Name        : radare2
Product     : Fedora 35
Version     : 5.6.4
Release     : 1.fc35
URL         : https://radare.org/
Summary     : The reverse engineering framework
Description :
The radare2 is a reverse-engineering framework that is multi-architecture,
multi-platform, and highly scriptable.  Radare2 provides a hexadecimal
editor, wrapped I/O, file system support, debugger support, diffing
between two functions or binaries, and code analysis at opcode,
basic block, and function levels.

--------------------------------------------------------------------------------Update Information:

Bugfix release. fixes CVE-2022-0518 2055256, 2055130 - https://github.com/radare
org/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa fixes CVE-2022-0519
2055103, 2055104 - https://github.com/radareorg/radare2/commit/6c4428f018d385fc8
0a33ecddcb37becea685dd5 fixes CVE-2022-0520 2055145, 2055146 - https://github.co
m/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8 fixes
CVE-2022-0521 2055043, 2055044 - 428f018d385fc80a33ecddcb37becea685dd5 fixes CVE-2022-0522 2055029, 2055030 - htt
ps://github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d
6 fixes CVE-2022-0523 2055152, 2055153 - mmit/35482cb760db10f87a62569e2f8872dbd95e9269 fixes CVE-2022-0559 2055256.
2055257 - https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3
cc94a362807f5e fixes CVE-2022-0676 2056758, 2056759 - rg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6 fixes CVE-2022-0712
2057173, 2057174, 2057175, 2057176 - https://github.com/radareorg/radare2/commit
/515e592b9bea0612bc63d8e93239ff35bcf645c7 fixes CVE-2022-0713 2057707, 2057708,
2057709, 2057710 - https://github.com/radareorg/radare2/commit/a35f89f86ed12161a
f09330e92e5a213014e46a1 fixes CVE-2022-0476 2057712, 2057713, 2057714, 2057715 -https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f
9f1b fixes CVE-2022-0695 2058522, 2058523, 2058525 - g/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf
--------------------------------------------------------------------------------ChangeLog:

* Mon Feb 28 2022 Michal Ambroz  5.6.4-1
- bump to 5.6.4
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #2054856 - radare2-5.6.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2054856
  [ 2 ] Bug #2055029 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055029
  [ 3 ] Bug #2055030 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055030
  [ 4 ] Bug #2055043 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055043
  [ 5 ] Bug #2055044 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055044
  [ 6 ] Bug #2055103 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055103
  [ 7 ] Bug #2055104 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055104
  [ 8 ] Bug #2055129 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055129
  [ 9 ] Bug #2055130 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055130
  [ 10 ] Bug #2055145 - CVE-2022-0520 radare2: Use After Free in radare [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055145
  [ 11 ] Bug #2055146 - CVE-2022-0520 radare2: Use After Free in radare [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055146
  [ 12 ] Bug #2055152 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055152
  [ 13 ] Bug #2055153 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055153
  [ 14 ] Bug #2055256 - CVE-2022-0559 radare2: Use After Free in radare2 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055256
  [ 15 ] Bug #2055257 - CVE-2022-0559 radare2: Use After Free in radare2 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055257
  [ 16 ] Bug #2056758 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2056758
  [ 17 ] Bug #2056759 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2056759
  [ 18 ] Bug #2057173 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2057173
  [ 19 ] Bug #2057174 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2057174
  [ 20 ] Bug #2057175 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [fedora-34]
        https://bugzilla.redhat.com/show_bug.cgi?id=2057175
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-7db9e7bb5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 35: radare2 2022-7db9e7bb5b

March 11, 2022
Bugfix release

Summary

The radare2 is a reverse-engineering framework that is multi-architecture,

multi-platform, and highly scriptable. Radare2 provides a hexadecimal

editor, wrapped I/O, file system support, debugger support, diffing

between two functions or binaries, and code analysis at opcode,

basic block, and function levels.

Bugfix release. fixes CVE-2022-0518 2055256, 2055130 - https://github.com/radare

org/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa fixes CVE-2022-0519

2055103, 2055104 - https://github.com/radareorg/radare2/commit/6c4428f018d385fc8

0a33ecddcb37becea685dd5 fixes CVE-2022-0520 2055145, 2055146 - https://github.co

m/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8 fixes

CVE-2022-0521 2055043, 2055044 - 428f018d385fc80a33ecddcb37becea685dd5 fixes CVE-2022-0522 2055029, 2055030 - htt

ps://github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d

6 fixes CVE-2022-0523 2055152, 2055153 - mmit/35482cb760db10f87a62569e2f8872dbd95e9269 fixes CVE-2022-0559 2055256.

2055257 - https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3

cc94a362807f5e fixes CVE-2022-0676 2056758, 2056759 - rg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6 fixes CVE-2022-0712

2057173, 2057174, 2057175, 2057176 - https://github.com/radareorg/radare2/commit

/515e592b9bea0612bc63d8e93239ff35bcf645c7 fixes CVE-2022-0713 2057707, 2057708,

2057709, 2057710 - https://github.com/radareorg/radare2/commit/a35f89f86ed12161a

f09330e92e5a213014e46a1 fixes CVE-2022-0476 2057712, 2057713, 2057714, 2057715 -https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f

9f1b fixes CVE-2022-0695 2058522, 2058523, 2058525 - g/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf

* Mon Feb 28 2022 Michal Ambroz 5.6.4-1

- bump to 5.6.4

[ 1 ] Bug #2054856 - radare2-5.6.4 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2054856

[ 2 ] Bug #2055029 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055029

[ 3 ] Bug #2055030 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055030

[ 4 ] Bug #2055043 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055043

[ 5 ] Bug #2055044 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055044

[ 6 ] Bug #2055103 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055103

[ 7 ] Bug #2055104 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055104

[ 8 ] Bug #2055129 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055129

[ 9 ] Bug #2055130 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055130

[ 10 ] Bug #2055145 - CVE-2022-0520 radare2: Use After Free in radare [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055145

[ 11 ] Bug #2055146 - CVE-2022-0520 radare2: Use After Free in radare [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055146

[ 12 ] Bug #2055152 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055152

[ 13 ] Bug #2055153 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055153

[ 14 ] Bug #2055256 - CVE-2022-0559 radare2: Use After Free in radare2 [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055256

[ 15 ] Bug #2055257 - CVE-2022-0559 radare2: Use After Free in radare2 [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2055257

[ 16 ] Bug #2056758 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2056758

[ 17 ] Bug #2056759 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2056759

[ 18 ] Bug #2057173 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=2057173

[ 19 ] Bug #2057174 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-8]

https://bugzilla.redhat.com/show_bug.cgi?id=2057174

[ 20 ] Bug #2057175 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [fedora-34]

https://bugzilla.redhat.com/show_bug.cgi?id=2057175

su -c 'dnf upgrade --advisory FEDORA-2022-7db9e7bb5b' at the command

line. For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

FEDORA-2022-7db9e7bb5b 2022-03-11 14:43:31.710672 Product : Fedora 35 Version : 5.6.4 Release : 1.fc35 URL : https://radare.org/ Summary : The reverse engineering framework Description : The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and function levels. Bugfix release. fixes CVE-2022-0518 2055256, 2055130 - https://github.com/radare org/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa fixes CVE-2022-0519 2055103, 2055104 - https://github.com/radareorg/radare2/commit/6c4428f018d385fc8 0a33ecddcb37becea685dd5 fixes CVE-2022-0520 2055145, 2055146 - https://github.co m/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8 fixes CVE-2022-0521 2055043, 2055044 - 428f018d385fc80a33ecddcb37becea685dd5 fixes CVE-2022-0522 2055029, 2055030 - htt ps://github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d 6 fixes CVE-2022-0523 2055152, 2055153 - mmit/35482cb760db10f87a62569e2f8872dbd95e9269 fixes CVE-2022-0559 2055256. 2055257 - https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3 cc94a362807f5e fixes CVE-2022-0676 2056758, 2056759 - rg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6 fixes CVE-2022-0712 2057173, 2057174, 2057175, 2057176 - https://github.com/radareorg/radare2/commit /515e592b9bea0612bc63d8e93239ff35bcf645c7 fixes CVE-2022-0713 2057707, 2057708, 2057709, 2057710 - https://github.com/radareorg/radare2/commit/a35f89f86ed12161a f09330e92e5a213014e46a1 fixes CVE-2022-0476 2057712, 2057713, 2057714, 2057715 -https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f 9f1b fixes CVE-2022-0695 2058522, 2058523, 2058525 - g/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf * Mon Feb 28 2022 Michal Ambroz 5.6.4-1 - bump to 5.6.4 [ 1 ] Bug #2054856 - radare2-5.6.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2054856 [ 2 ] Bug #2055029 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055029 [ 3 ] Bug #2055030 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055030 [ 4 ] Bug #2055043 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055043 [ 5 ] Bug #2055044 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055044 [ 6 ] Bug #2055103 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055103 [ 7 ] Bug #2055104 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055104 [ 8 ] Bug #2055129 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055129 [ 9 ] Bug #2055130 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055130 [ 10 ] Bug #2055145 - CVE-2022-0520 radare2: Use After Free in radare [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055145 [ 11 ] Bug #2055146 - CVE-2022-0520 radare2: Use After Free in radare [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055146 [ 12 ] Bug #2055152 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055152 [ 13 ] Bug #2055153 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055153 [ 14 ] Bug #2055256 - CVE-2022-0559 radare2: Use After Free in radare2 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055256 [ 15 ] Bug #2055257 - CVE-2022-0559 radare2: Use After Free in radare2 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055257 [ 16 ] Bug #2056758 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2056758 [ 17 ] Bug #2056759 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2056759 [ 18 ] Bug #2057173 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2057173 [ 19 ] Bug #2057174 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2057174 [ 20 ] Bug #2057175 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [fedora-34] https://bugzilla.redhat.com/show_bug.cgi?id=2057175 su -c 'dnf upgrade --advisory FEDORA-2022-7db9e7bb5b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Change Log

References

Update Instructions

Severity
Product : Fedora 35
Version : 5.6.4
Release : 1.fc35
URL : https://radare.org/
Summary : The reverse engineering framework

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved