[SECURITY] Fedora 35 Update: radare2-5.6.4-1.fc35

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-7db9e7bb5b 2022-03-11 14:43:31.710672 --------------------------------------------------------------------------------

Name : radare2 Product : Fedora 35 Version : 5.6.4 Release : 1.fc35 URL : https://radare.org/ Summary : The reverse engineering framework Description : The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and function levels.

-------------------------------------------------------------------------------- Update Information:

Bugfix release. fixes CVE-2022-0518 2055256, 2055130 - https://github.com/radare org/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa fixes CVE-2022-0519 2055103, 2055104 - https://github.com/radareorg/radare2/commit/6c4428f018d385fc8 0a33ecddcb37becea685dd5 fixes CVE-2022-0520 2055145, 2055146 - https://github.co m/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8 fixes CVE-2022-0521 2055043, 2055044 - https://github.com/radareorg/radare2/commit/6c4 428f018d385fc80a33ecddcb37becea685dd5 fixes CVE-2022-0522 2055029, 2055030 - htt ps://github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d 6 fixes CVE-2022-0523 2055152, 2055153 - https://github.com/radareorg/radare2/co mmit/35482cb760db10f87a62569e2f8872dbd95e9269 fixes CVE-2022-0559 2055256. 2055257 - https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3 cc94a362807f5e fixes CVE-2022-0676 2056758, 2056759 - https://github.com/radareo rg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6 fixes CVE-2022-0712 2057173, 2057174, 2057175, 2057176 - https://github.com/radareorg/radare2/commit /515e592b9bea0612bc63d8e93239ff35bcf645c7 fixes CVE-2022-0713 2057707, 2057708, 2057709, 2057710 - https://github.com/radareorg/radare2/commit/a35f89f86ed12161a f09330e92e5a213014e46a1 fixes CVE-2022-0476 2057712, 2057713, 2057714, 2057715 - https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867... 9f1b fixes CVE-2022-0695 2058522, 2058523, 2058525 - https://github.com/radareor g/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf -------------------------------------------------------------------------------- ChangeLog:

* Mon Feb 28 2022 Michal Ambroz <rebus at, seznam.cz> 5.6.4-1 - bump to 5.6.4 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2054856 - radare2-5.6.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2054856 [ 2 ] Bug #2055029 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055029 [ 3 ] Bug #2055030 - CVE-2022-0522 radare2: Access of Memory Location Before Start of Buffer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055030 [ 4 ] Bug #2055043 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055043 [ 5 ] Bug #2055044 - CVE-2022-0521 radare2: Access of Memory Location After End of Buffer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055044 [ 6 ] Bug #2055103 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055103 [ 7 ] Bug #2055104 - CVE-2022-0519 radare2: CVE-2022-0519: radare2: Buffer Access with Incorrect Length Value prior to 5.6.2. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055104 [ 8 ] Bug #2055129 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055129 [ 9 ] Bug #2055130 - CVE-2022-0518 radare2: CVE-2022-0518: radare2: Heap-based Buffer Overflow in radare2 prior to 5.6.2. [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055130 [ 10 ] Bug #2055145 - CVE-2022-0520 radare2: Use After Free in radare [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055145 [ 11 ] Bug #2055146 - CVE-2022-0520 radare2: Use After Free in radare [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055146 [ 12 ] Bug #2055152 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055152 [ 13 ] Bug #2055153 - CVE-2022-0523 radare2: Expired Pointer Dereference in radare2 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055153 [ 14 ] Bug #2055256 - CVE-2022-0559 radare2: Use After Free in radare2 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055256 [ 15 ] Bug #2055257 - CVE-2022-0559 radare2: Use After Free in radare2 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2055257 [ 16 ] Bug #2056758 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2056758 [ 17 ] Bug #2056759 - CVE-2022-0676 radare2: Heap-based Buffer Overflow in NPM radare2.js [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2056759 [ 18 ] Bug #2057173 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2057173 [ 19 ] Bug #2057174 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2057174 [ 20 ] Bug #2057175 - CVE-2022-0712 radare2: null pointer dereference in bin_symbols.c [fedora-34] https://bugzilla.redhat.com/show_bug.cgi?id=2057175 --------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-7db9e7bb5b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------