Mageia 2020-0024: radare2 security update

    Date07 Jan 2020
    172
    Posted ByLinuxSecurity Advisories
    Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have
    MGASA-2020-0024 - Updated radare2 packages fix security vulnerabilities
    
    Publication date: 07 Jan 2020
    URL: https://advisories.mageia.org/MGASA-2020-0024.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-12790,
         CVE-2019-12802,
         CVE-2019-12865,
         CVE-2019-14745
    
    Updated radare2 packages fix security vulnerabilities:
    
    In radare2 through 3.5.1, there is a heap-based buffer over-read in the
    r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers
    to cause a denial of service (application crash) or possibly have
    unspecified other impact because of missing length validation in
    libr/egg/egg.c (CVE-2019-12790).
    
    In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c
    mishandles changing context. This allows remote attackers to cause a denial
    of service (application crash) or possibly have unspecified other impact
    (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg)
    (CVE-2019-12802).
    
    In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double
    free for the ms command (CVE-2019-12865).
    
    By using a crafted executable file, it's possible to execute arbitrary
    shell commands with the permissions of the victim. This vulnerability is
    due to improper handling of symbol names embedded in executables
    (CVE-2019-14745).
    
    The radare2 package has been updated to version 3.9.0, fixing these issues
    and other bugs.
    
    Also, the radare2-cutter package has been updated to version 1.9.0.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=25933
    - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/ED2UIZ5J7YYFFA2MPSMJ543U3DPEREVZ/
    - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/IEXZWAMVKGZKHALV4IVWQS2ORJKRH57U/
    - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/RQO7V37RGQEKZDLY2JYKDZTLNN2YUBC5/
    - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/PXQ6KYP4UMNSCJYHFT4TBIXLR2325SNS/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12790
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12802
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12865
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14745
    
    SRPMS:
    - 7/core/radare2-3.9.0-1.mga7
    - 7/core/radare2-cutter-1.9.0-1.1.mga7
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"31","type":"x","order":"1","pct":91.18,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"2","type":"x","order":"2","pct":5.88,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"1","type":"x","order":"3","pct":2.94,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.