--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-85b277e748
2022-03-26 14:56:28.653482
--------------------------------------------------------------------------------

Name        : radare2
Product     : Fedora 36
Version     : 5.6.4
Release     : 1.fc36
URL         : https://radare.org/
Summary     : The reverse engineering framework
Description :
The radare2 is a reverse-engineering framework that is multi-architecture,
multi-platform, and highly scriptable.  Radare2 provides a hexadecimal
editor, wrapped I/O, file system support, debugger support, diffing
between two functions or binaries, and code analysis at opcode,
basic block, and function levels.

--------------------------------------------------------------------------------
Update Information:

Bugfix release.

- fixes CVE-2022-0518 2055256, 2055130 - https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
- fixes CVE-2022-0519 2055103, 2055104 - https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
- fixes CVE-2022-0520 2055145, 2055146 - https://github.com/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8
- fixes CVE-2022-0521 2055043, 2055044 - https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
- fixes CVE-2022-0522 2055029, 2055030 - https://github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d6
- fixes CVE-2022-0523 2055152, 2055153 - https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
- fixes CVE-2022-0559 2055256, 2055257 - https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e
- fixes CVE-2022-0676 2056758, 2056759 - https://github.com/radareorg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6
- fixes CVE-2022-0712 2057173, 2057174, 2057175, 2057176 - https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
- fixes CVE-2022-0713 2057707, 2057708, 2057709, 2057710 - https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1
- fixes CVE-2022-0476 2057712, 2057713, 2057714, 2057715 - https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b
- fixes CVE-2022-0695 2058522, 2058523, 2058525 - https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 28 2022 Michal Ambroz  5.6.4-1
- bump to 5.6.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2054856 - radare2-5.6.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2054856
  [ 2 ] Bug #2055029 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055029
  [ 3 ] Bug #2055030 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055030
  [ 4 ] Bug #2055043 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055043
  [ 5 ] Bug #2055044 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055044
  [ 6 ] Bug #2055103 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055103
  [ 7 ] Bug #2055104 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055104
  [ 8 ] Bug #2055129 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055129
  [ 9 ] Bug #2055130 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055130
  [ 10 ] Bug #2055145 - CVE-2022-0520 radare2: Use After Free in radare [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055145
  [ 11 ] Bug #2055146 - CVE-2022-0520 radare2: Use After Free in radare [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055146
  [ 12 ] Bug #2055152 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055152
  [ 13 ] Bug #2055153 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055153
  [ 14 ] Bug #2055256 - CVE-2022-0559 radare2: Use After Free in radare2 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055256
  [ 15 ] Bug #2055257 - CVE-2022-0559 radare2: Use After Free in radare2 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2055257
  [ 16 ] Bug #2056758 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2056758
  [ 17 ] Bug #2056759 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2056759
  [ 18 ] Bug #2057173 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2057173
  [ 19 ] Bug #2057174 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2057174
  [ 20 ] Bug #2057175 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [fedora-34]
        https://bugzilla.redhat.com/show_bug.cgi?id=2057175
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-85b277e748' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------