Advisories ยป MGASA-2020-0329

Updated radare2 packages fix security vulnerability

Publication date: 18 Aug 2020
Modification date: 18 Aug 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-15121

Description

In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory
(CVE-2020-15121).

The radare2 package has been updated to version 4.5.0, fixing these issues and
other bugs.

Also, the radare2-cutter package has been updated to version 1.11.0.
                

References

SRPMS

7/core