SECURITY: Fedora 35 Update: radare2-5.6.4-1.fc35
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-7db9e7bb5b
2022-03-11 14:43:31.710672
--------------------------------------------------------------------------------
Name : radare2
Product : Fedora 35
Version : 5.6.4
Release : 1.fc35
URL : https://radare.org/
Summary : The reverse engineering framework
Description :
The radare2 is a reverse-engineering framework that is multi-architecture,
multi-platform, and highly scriptable. Radare2 provides a hexadecimal
editor, wrapped I/O, file system support, debugger support, diffing
between two functions or binaries, and code analysis at opcode,
basic block, and function levels.
--------------------------------------------------------------------------------
Update Information:
Bugfix release. fixes CVE-2022-0518 2055256, 2055130 - https://github.com/radare
org/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa fixes CVE-2022-0519
2055103, 2055104 - https://github.com/radareorg/radare2/commit/6c4428f018d385fc8
0a33ecddcb37becea685dd5 fixes CVE-2022-0520 2055145, 2055146 - https://github.co
m/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8 fixes
CVE-2022-0521 2055043, 2055044 - https://github.com/radareorg/radare2/commit/6c4
428f018d385fc80a33ecddcb37becea685dd5 fixes CVE-2022-0522 2055029, 2055030 - htt
ps://github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d
6 fixes CVE-2022-0523 2055152, 2055153 - https://github.com/radareorg/radare2/co
mmit/35482cb760db10f87a62569e2f8872dbd95e9269 fixes CVE-2022-0559 2055256.
2055257 - https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3
cc94a362807f5e fixes CVE-2022-0676 2056758, 2056759 - https://github.com/radareo
rg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6 fixes CVE-2022-0712
2057173, 2057174, 2057175, 2057176 - https://github.com/radareorg/radare2/commit
/515e592b9bea0612bc63d8e93239ff35bcf645c7 fixes CVE-2022-0713 2057707, 2057708,
2057709, 2057710 - https://github.com/radareorg/radare2/commit/a35f89f86ed12161a
f09330e92e5a213014e46a1 fixes CVE-2022-0476 2057712, 2057713, 2057714, 2057715 -
https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f
9f1b fixes CVE-2022-0695 2058522, 2058523, 2058525 - https://github.com/radareor
g/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 28 2022 Michal Ambroz 5.6.4-1
- bump to 5.6.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2054856 - radare2-5.6.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2054856
[ 2 ] Bug #2055029 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055029
[ 3 ] Bug #2055030 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055030
[ 4 ] Bug #2055043 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055043
[ 5 ] Bug #2055044 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055044
[ 6 ] Bug #2055103 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055103
[ 7 ] Bug #2055104 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055104
[ 8 ] Bug #2055129 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055129
[ 9 ] Bug #2055130 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055130
[ 10 ] Bug #2055145 - CVE-2022-0520 radare2: Use After Free in radare [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055145
[ 11 ] Bug #2055146 - CVE-2022-0520 radare2: Use After Free in radare [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055146
[ 12 ] Bug #2055152 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055152
[ 13 ] Bug #2055153 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055153
[ 14 ] Bug #2055256 - CVE-2022-0559 radare2: Use After Free in radare2 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055256
[ 15 ] Bug #2055257 - CVE-2022-0559 radare2: Use After Free in radare2 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2055257
[ 16 ] Bug #2056758 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2056758
[ 17 ] Bug #2056759 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2056759
[ 18 ] Bug #2057173 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2057173
[ 19 ] Bug #2057174 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2057174
[ 20 ] Bug #2057175 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [fedora-34]
https://bugzilla.redhat.com/show_bug.cgi?id=2057175
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-7db9e7bb5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
A radare2 security update has been released for Fedora 35.