Mageia alert MGASA-2020-0100 (radare2)

From:
             
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
             
 
updates-announce@ml.mageia.org 
Subject:
             
 
[updates-announce] MGASA-2020-0100: Updated radare2 packages fix security vulnerabilities 
Date:
             
 
Mon, 24 Feb 2020 22:45:49 +0100
Message-ID:
             
 
<20200224214549.6C2399F750@duvel.mageia.org>
MGASA-2020-0100 - Updated radare2 packages fix security vulnerabilities

Publication date: 24 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0100.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-19590,
     CVE-2019-19647

Description:
Updated radare2 packages fix security vulnerabilities:

A vulnerability was found in radare2 through 4.0, there is an integer
overflow for the variable new_token_size in the function r_asm_massemble
at libr/asm/asm.c. This integer overflow will result in a Use-After-Free
for the buffer tokens, which can be filled with arbitrary malicious data
after the free. This allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via crafted input
(CVE-2019-19590).

radare2 through 4.0.0 lacks validation of the content variable in the
function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an
arbitrary write. This allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via crafted
input (CVE-2019-19647).

The radare2 package has been updated to version 4.2.1, fixing these issues
and other bugs.

Also, the radare2-cutter package has been updated to version 1.10.1.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26232
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...

SRPMS:
- 7/core/radare2-4.2.1-1.mga7
- 7/core/radare2-cutter-1.10.1-1.mga7