Bug 2045240
| Summary: | CVE-2022-0173 radare2: is vulnerable to Out-of-bounds Read [fedora-all] | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Marian Rehak <mrehak> |
| Component: | radare2 | Assignee: | Henrik Nordström <henrik> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 35 | CC: | henrik, rebus |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | radare2-5.6.0-1.el8 radare2-5.6.0-2.el7 radare2-5.6.0-1.fc34 radare2-5.6.0-1.fc35 | Doc Type: | No Doc Update |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-02-21 00:35:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 2045238 | | |

Description
Marian Rehak
2022-01-25 16:13:19 UTC
Use the following template for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

```
=====

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=medium

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=2045238,2045240

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======
```

Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new

Looks like the packaged 5.4.2 version is not vulnerable. The affected code was introduced in 5.5.0 and the provided POC does nothing in 5.4.2. But fix is not yet in the latest upstream release so needs to be accounted for when updating.

FEDORA-2022-ba3248e596 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-ba3248e596

FEDORA-2022-3fc85cd09c has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-3fc85cd09c

FEDORA-EPEL-2022-ba28d36d05 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-ba28d36d05

FEDORA-EPEL-2022-93154093e5 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-93154093e5

FEDORA-EPEL-2022-ba28d36d05 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-ba28d36d05 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2022-3fc85cd09c has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-3fc85cd09c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-3fc85cd09c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2022-ba3248e596 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-ba3248e596` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-ba3248e596 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-EPEL-2022-93154093e5 has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-93154093e5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-EPEL-2022-ba28d36d05 has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-EPEL-2022-93154093e5 has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-2022-ba3248e596 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-2022-3fc85cd09c has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.