Fedora 40 Update: radare2-5.9.8-7.fc40
Fedora 41 Update: radare2-5.9.8-7.fc41
Fedora 42 Update: libell-0.74-1.fc42
Fedora 42 Update: iwd-3.4-1.fc42
Fedora 42 Update: bluez-5.80-1.fc42
Fedora 42 Update: radare2-5.9.8-7.fc42
[SECURITY] Fedora 40 Update: radare2-5.9.8-7.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f8eca89d63
2025-03-20 04:48:38.395596+00:00
--------------------------------------------------------------------------------
Name : radare2
Product : Fedora 40
Version : 5.9.8
Release : 7.fc40
URL : https://radare.org/
Summary : The reverse engineering framework
Description :
The radare2 is a reverse-engineering framework that is multi-architecture,
multi-platform, and highly scriptable. Radare2 provides a hexadecimal
editor, wrapped I/O, file system support, debugger support, diffing
between two functions or binaries, and code analysis at opcode,
basic block, and function levels.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2024-56737, CVE-2025-56737, CVE-2025-1864
Fix CVE-2025-1744 and CVE-2025-1864
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2025 Michal Ambroz [rebus@seznam.cz] - 5.9.8-7
- fix CVE-2024-56737
* Fri Mar 7 2025 Michal Ambroz [rebus@seznam.cz] - 5.9.8-6
- fix CVE-2025-1744 and CVE-2025-1864
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.9.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2334774 - CVE-2024-56737 radare2: heap-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2334774
[ 2 ] Bug #2334775 - CVE-2024-56737 radare2: heap-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2334775
[ 3 ] Bug #2334777 - CVE-2024-56737 radare2: heap-based buffer overflow [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334777
[ 4 ] Bug #2334779 - CVE-2024-56737 radare2: heap-based buffer overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2334779
[ 5 ] Bug #2348976 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2348976
[ 6 ] Bug #2348977 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2348977
[ 7 ] Bug #2348978 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2348978
[ 8 ] Bug #2348979 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2348979
[ 9 ] Bug #2349508 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2349508
[ 10 ] Bug #2349509 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2349509
[ 11 ] Bug #2349510 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2349510
[ 12 ] Bug #2349511 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2349511
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f8eca89d63' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: radare2-5.9.8-7.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7b9adcd6ea
2025-03-20 04:35:20.829648+00:00
--------------------------------------------------------------------------------
Name : radare2
Product : Fedora 41
Version : 5.9.8
Release : 7.fc41
URL : https://radare.org/
Summary : The reverse engineering framework
Description :
The radare2 is a reverse-engineering framework that is multi-architecture,
multi-platform, and highly scriptable. Radare2 provides a hexadecimal
editor, wrapped I/O, file system support, debugger support, diffing
between two functions or binaries, and code analysis at opcode,
basic block, and function levels.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2024-56737, CVE-2025-56737, CVE-2025-1864
Fix CVE-2025-1744 and CVE-2025-1864
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2025 Michal Ambroz [rebus@seznam.cz] - 5.9.8-7
- fix CVE-2024-56737
* Fri Mar 7 2025 Michal Ambroz [rebus@seznam.cz] - 5.9.8-6
- fix CVE-2025-1744 and CVE-2025-1864
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.9.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2334774 - CVE-2024-56737 radare2: heap-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2334774
[ 2 ] Bug #2334775 - CVE-2024-56737 radare2: heap-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2334775
[ 3 ] Bug #2334777 - CVE-2024-56737 radare2: heap-based buffer overflow [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334777
[ 4 ] Bug #2334779 - CVE-2024-56737 radare2: heap-based buffer overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2334779
[ 5 ] Bug #2348976 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2348976
[ 6 ] Bug #2348977 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2348977
[ 7 ] Bug #2348978 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2348978
[ 8 ] Bug #2348979 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2348979
[ 9 ] Bug #2349508 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2349508
[ 10 ] Bug #2349509 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2349509
[ 11 ] Bug #2349510 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2349510
[ 12 ] Bug #2349511 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2349511
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7b9adcd6ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: libell-0.74-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-35347bf9f0
2025-03-20 00:15:21.054436+00:00
--------------------------------------------------------------------------------
Name : libell
Product : Fedora 42
Version : 0.74
Release : 1.fc42
URL : https://01.org/ell
Summary : Embedded Linux library
Description :
The Embedded Linux* Library (ELL) provides core, low-level functionality for
system daemons. It typically has no dependencies other than the Linux kernel, C
standard library, and libdl (for dynamic linking). While ELL is designed to be
efficient and compact enough for use on embedded Linux platforms, it is not
limited to resource-constrained systems.
--------------------------------------------------------------------------------
Update Information:
bluez 5.80:
Fix issue with handling address type for all types of keys.
Fix issue with handling maximum number of GATT channels.
Fix issue with handling MTU auto-tuning feature.
Fix issue with handling AVRCP volume in reconfigured transports.
Fix issue with handling VCP volume setting requests.
Fix issue with handling VCP connection management.
Fix issue with handling MAP qualification.
Fix issue with handling PBAP qualification.
Fix issue with handling BNEP qualification.
Add support for PreferredBearer device property.
Add support for SupportedTypes Message Access property.
Add support for HFP, A2DP, AVRCP, AVCTP and MAP latest versions.
iwd 3.4:
Add support for the Test Anything Protocol.
libell 0.74:
Add support for NIST P-192 curve usage with ECDH.
Add support for SHA-224 based checksums and HMACs.
libell 0.73:
Fix issue with parsing hwdb.bin child structures.
libell 0.72:
Add support for the Test Anything Protocol.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 17 2025 Peter Robinson [pbrobinson@gmail.com] - 0.74-1
- Update to 0.74
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2278949 - CVE-2023-51596 bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278949
[ 2 ] Bug #2278957 - CVE-2023-51594 bluez: OBEX library out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278957
[ 3 ] Bug #2278963 - CVE-2023-51592 bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278963
[ 4 ] Bug #2278966 - CVE-2023-51589 bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278966
[ 5 ] Bug #2278968 - CVE-2023-51580 bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278968
[ 6 ] Bug #2278970 - CVE-2023-44431 bluez: AVRCP stack-based buffer overflow remote code execution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278970
[ 7 ] Bug #2344813 - iwd-3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344813
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-35347bf9f0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: iwd-3.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-35347bf9f0
2025-03-20 00:15:21.054436+00:00
--------------------------------------------------------------------------------
Name : iwd
Product : Fedora 42
Version : 3.4
Release : 1.fc42
URL : https://iwd.wiki.kernel.org/
Summary : Wireless daemon for Linux
Description :
The daemon and utilities for controlling and configuring the Wi-Fi network
hardware.
--------------------------------------------------------------------------------
Update Information:
bluez 5.80:
Fix issue with handling address type for all types of keys.
Fix issue with handling maximum number of GATT channels.
Fix issue with handling MTU auto-tuning feature.
Fix issue with handling AVRCP volume in reconfigured transports.
Fix issue with handling VCP volume setting requests.
Fix issue with handling VCP connection management.
Fix issue with handling MAP qualification.
Fix issue with handling PBAP qualification.
Fix issue with handling BNEP qualification.
Add support for PreferredBearer device property.
Add support for SupportedTypes Message Access property.
Add support for HFP, A2DP, AVRCP, AVCTP and MAP latest versions.
iwd 3.4:
Add support for the Test Anything Protocol.
libell 0.74:
Add support for NIST P-192 curve usage with ECDH.
Add support for SHA-224 based checksums and HMACs.
libell 0.73:
Fix issue with parsing hwdb.bin child structures.
libell 0.72:
Add support for the Test Anything Protocol.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 17 2025 Peter Robinson [pbrobinson@gmail.com] - 3.4-1
- Update to 3.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2278949 - CVE-2023-51596 bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278949
[ 2 ] Bug #2278957 - CVE-2023-51594 bluez: OBEX library out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278957
[ 3 ] Bug #2278963 - CVE-2023-51592 bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278963
[ 4 ] Bug #2278966 - CVE-2023-51589 bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278966
[ 5 ] Bug #2278968 - CVE-2023-51580 bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278968
[ 6 ] Bug #2278970 - CVE-2023-44431 bluez: AVRCP stack-based buffer overflow remote code execution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278970
[ 7 ] Bug #2344813 - iwd-3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344813
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-35347bf9f0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: bluez-5.80-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-35347bf9f0
2025-03-20 00:15:21.054436+00:00
--------------------------------------------------------------------------------
Name : bluez
Product : Fedora 42
Version : 5.80
Release : 1.fc42
URL : http://www.bluez.org/
Summary : Bluetooth utilities
Description :
Utilities for use in Bluetooth applications:
- avinfo
- bluemoon
- bluetoothctl
- bluetoothd
- btattach
- btmon
- hex2hcd
- mpris-proxy
The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.
--------------------------------------------------------------------------------
Update Information:
bluez 5.80:
Fix issue with handling address type for all types of keys.
Fix issue with handling maximum number of GATT channels.
Fix issue with handling MTU auto-tuning feature.
Fix issue with handling AVRCP volume in reconfigured transports.
Fix issue with handling VCP volume setting requests.
Fix issue with handling VCP connection management.
Fix issue with handling MAP qualification.
Fix issue with handling PBAP qualification.
Fix issue with handling BNEP qualification.
Add support for PreferredBearer device property.
Add support for SupportedTypes Message Access property.
Add support for HFP, A2DP, AVRCP, AVCTP and MAP latest versions.
iwd 3.4:
Add support for the Test Anything Protocol.
libell 0.74:
Add support for NIST P-192 curve usage with ECDH.
Add support for SHA-224 based checksums and HMACs.
libell 0.73:
Fix issue with parsing hwdb.bin child structures.
libell 0.72:
Add support for the Test Anything Protocol.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 17 2025 Peter Robinson [pbrobinson@fedoraproject.org] - 5.80-1
- Update to 5.80
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2278949 - CVE-2023-51596 bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278949
[ 2 ] Bug #2278957 - CVE-2023-51594 bluez: OBEX library out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278957
[ 3 ] Bug #2278963 - CVE-2023-51592 bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278963
[ 4 ] Bug #2278966 - CVE-2023-51589 bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278966
[ 5 ] Bug #2278968 - CVE-2023-51580 bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278968
[ 6 ] Bug #2278970 - CVE-2023-44431 bluez: AVRCP stack-based buffer overflow remote code execution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278970
[ 7 ] Bug #2344813 - iwd-3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344813
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-35347bf9f0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: radare2-5.9.8-7.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1189bc2336
2025-03-20 00:15:21.054327+00:00
--------------------------------------------------------------------------------
Name : radare2
Product : Fedora 42
Version : 5.9.8
Release : 7.fc42
URL : https://radare.org/
Summary : The reverse engineering framework
Description :
The radare2 is a reverse-engineering framework that is multi-architecture,
multi-platform, and highly scriptable. Radare2 provides a hexadecimal
editor, wrapped I/O, file system support, debugger support, diffing
between two functions or binaries, and code analysis at opcode,
basic block, and function levels.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2024-56737, CVE-2025-56737, CVE-2025-1864
Fix CVE-2025-1744 and CVE-2025-1864
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2025 Michal Ambroz [rebus@seznam.cz] - 5.9.8-7
- fix CVE-2024-56737
* Fri Mar 7 2025 Michal Ambroz [rebus@seznam.cz] - 5.9.8-6
- fix CVE-2025-1744 and CVE-2025-1864
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2334774 - CVE-2024-56737 radare2: heap-based buffer overflow [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2334774
[ 2 ] Bug #2334775 - CVE-2024-56737 radare2: heap-based buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2334775
[ 3 ] Bug #2334777 - CVE-2024-56737 radare2: heap-based buffer overflow [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334777
[ 4 ] Bug #2334779 - CVE-2024-56737 radare2: heap-based buffer overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2334779
[ 5 ] Bug #2348976 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2348976
[ 6 ] Bug #2348977 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2348977
[ 7 ] Bug #2348978 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2348978
[ 8 ] Bug #2348979 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2348979
[ 9 ] Bug #2349508 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2349508
[ 10 ] Bug #2349509 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2349509
[ 11 ] Bug #2349510 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2349510
[ 12 ] Bug #2349511 - CVE-2025-1864 radare2: Buffer Overflow and Potential Code Execution in Radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2349511
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1189bc2336' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
