radare2 2.1.0+dfsg-1 source package in Ubuntu

Changelog

radare2 (2.1.0+dfsg-1) unstable; urgency=medium

  * New upstream release
   - Fix for CVE-2017-15368 (Closes: #878767)
     The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0
     allows remote attackers to cause a denial of service (stack-based
     buffer over-read and application crash) or possibly have unspecified
     other impact via a crafted WASM file that triggers an incorrect
     r_hex_bin2str call.
   - Fix for CVE-2017-15385 (Closes: #879119)
     The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c
     in radare2 2.0.0 allows remote attackers to cause a denial of service
     (r_read_le16 invalid write and application crash) or possibly have
     unspecified other impact via a crafted ELF file.
   - Fix for CVE-2017-15932 (Closes: #880024)
     In radare2 2.0.1, an integer exception (negative number leading to an
     invalid memory access) exists in store_versioninfo_gnu_verdef() in
     libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF
     version on 32-bit systems.
   - Fix for CVE-2017-15931 (Closes: #880025)
     In radare2 2.0.1, an integer exception (negative number leading to an
     invalid memory access) exists in store_versioninfo_gnu_verneed() in
     libr/bin/format/elf/elf.c via crafted ELF files on 32-bit systems.
   - Fix for CVE-2017-16359 (Closes: #880616)
     In radare 2.0.1, a pointer wraparound vulnerability exists in
     store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
   - Fix for CVE-2017-16358 (Closes: #880619)
     In radare 2.0.1, an out-of-bounds read vulnerability exists in
     string_scan_range() in libr/bin/bin.c when doing a string search.
   - Fix for CVE-2017-16357 (Closes: #880620)
     In radare 2.0.1, a memory corruption vulnerability exists in
     store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in
     libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This
     error is due to improper sh_size validation when allocating memory.
   - Fix for CVE-2017-16805 (Closes: #882134)
     In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a
     denial of service (invalid read and application crash) via a crafted
     ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and
     sdb_set_internal in shlr/sdb/src/sdb.c.
  * Update Debian Standards Version to 4.1.1

 -- Sebastian Reichel <email address hidden>  Mon, 27 Nov 2017 16:14:43 +0100

Upload details

Uploaded by: Sebastian Reichel
Uploaded to: Sid
Original maintainer: Sebastian Reichel
Architectures: any all
Section: devel
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
radare2_2.1.0+dfsg-1.dsc 2.2 KiB cfa5b321764d315d13a015e4d6d4683e6b7e7a8453bd7d2b5c40c70746f5ca37
radare2_2.1.0+dfsg.orig.tar.xz 3.3 MiB 83aad992b0c26f67f20f29999a8be4ecbd7e1864fc733d22415a90c333840c59
radare2_2.1.0+dfsg-1.debian.tar.xz 13.4 KiB 5defa20334383570febf06ad10d6ab6574f1c2a2d900192a5bf4fd1a2b5c47b8

Available diffs

No changes file available.

Binary packages built by this source

libradare2-2.1: No summary available for libradare2-2.1 in ubuntu bionic.

No description available for libradare2-2.1 in ubuntu bionic.

libradare2-2.1-dbgsym: No summary available for libradare2-2.1-dbgsym in ubuntu bionic.

No description available for libradare2-2.1-dbgsym in ubuntu bionic.

libradare2-common: arch independent files from the radare2 suite

 The project aims to create a complete, portable, multi-architecture,
 unix-like toolchain for reverse engineering.
 .
 It is composed of a hexadecimal editor (radare) with a wrapped IO
 layer supporting multiple backends for local/remote files, debugger
 (OS X, BSD, Linux, W32), stream analyzer, assembler/disassembler (rasm)
 for x86, ARM, PPC, m68k, Java, MSIL, SPARC, code analysis modules and
 scripting facilities. A bindiffer named radiff, base converter (rax),
 shellcode development helper (rasc), a binary information extractor
 supporting PE, mach0, ELF, class, etc. named rabin, and a block-based
 hash utility called rahash.
 .
 This package provides the arch independent files from radare2.

libradare2-dev: devel files from the radare2 suite

 The project aims to create a complete, portable, multi-architecture,
 unix-like toolchain for reverse engineering.
 .
 It is composed of a hexadecimal editor (radare) with a wrapped IO
 layer supporting multiple backends for local/remote files, debugger
 (OS X, BSD, Linux, W32), stream analyzer, assembler/disassembler (rasm)
 for x86, ARM, PPC, m68k, Java, MSIL, SPARC, code analysis modules and
 scripting facilities. A bindiffer named radiff, base converter (rax),
 shellcode development helper (rasc), a binary information extractor
 supporting PE, mach0, ELF, class, etc. named rabin, and a block-based
 hash utility called rahash.
 .
 This package provides the devel files from radare2.

radare2: free and advanced command line hexadecimal editor

 The project aims to create a complete, portable, multi-architecture,
 unix-like toolchain for reverse engineering.
 .
 It is composed of a hexadecimal editor (radare) with a wrapped IO
 layer supporting multiple backends for local/remote files, debugger
 (OS X, BSD, Linux, W32), stream analyzer, assembler/disassembler (rasm)
 for x86, ARM, PPC, m68k, Java, MSIL, SPARC, code analysis modules and
 scripting facilities. A bindiffer named radiff, base converter (rax),
 shellcode development helper (rasc), a binary information extractor
 supporting PE, mach0, ELF, class, etc. named rabin, and a block-based
 hash utility called rahash.

radare2-dbgsym: debug symbols for radare2