| 1 |
type: security |
| 2 |
subject: Updated radare2 packages fix security vulnerability |
| 3 |
CVE: |
| 4 |
- CVE-2020-15121 |
| 5 |
src: |
| 6 |
7: |
| 7 |
core: |
| 8 |
- radare2-4.5.0-1.mga7 |
| 9 |
- radare2-cutter-1.11.0-1.mga7 |
| 10 |
description: | |
| 11 |
In radare2 before version 4.5.0, malformed PDB file names in the PDB server |
| 12 |
path cause shell injection. To trigger the problem it's required to open the |
| 13 |
executable in radare2 and run idpd to trigger the download. The shell code will |
| 14 |
execute, and will create a file called pwned in the current directory |
| 15 |
(CVE-2020-15121). |
| 16 |
|
| 17 |
The radare2 package has been updated to version 4.5.0, fixing these issues and |
| 18 |
other bugs. |
| 19 |
|
| 20 |
Also, the radare2-cutter package has been updated to version 1.11.0. |
| 21 |
references: |
| 22 |
- https://bugs.mageia.org/show_bug.cgi?id=27060 |
| 23 |
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7OFOJ23B5CP5XDVYTW6TTN7OFZPAIVY4/ |
| 24 |
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/ |
| 25 |
ID: MGASA-2020-0329 |
Parent Directory
| 
Revision Log