[SECURITY] [DLA 1016-1] radare2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1016-1] radare2 security update
From: Chris Lamb <lamby@debian.org>
Date: Thu, 06 Jul 2017 11:05:59 +0100
Message-id: <[🔎] 1499335559.2599443.1032121520.32BBE9C6@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : radare2
Version        : 0.9-3+deb7u3
CVE ID         : CVE-2017-10929
Debian Bug     : #867369

It was discovered that there was a heap-based buffer overflow in radare2, a
reverse-engineering framework. The grub_memmove function allowed attackers to
cause a remote denial of service.

For Debian 7 "Wheezy", this issue has been fixed in radare2 version
0.9-3+deb7u3.

We recommend that you upgrade your radare2 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb, Debian Project Leader
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlleCrMACgkQHpU+J9Qx
Hli5kA/+M8MNJ9Pdcld0LmYA1/afQwVW7WhYPWp34c7WKIBZM5uj0VRTMvEg2kVz
NHYJWmQVOfQ8Pd90MhLSvX9IN0T9isJ2t19tknWrFxkDvRxW0I6ID2a3whxsFlJR
6oQnNoKpCiu++aE++wqS8xfqLfp9Aq0KYZyCfTpggnHWZ3N21f5RSe/E7mTjWN8t
cv6tCgxnkStZDWBz0Jflh4XNBXAYhzKMHnEp9I2UUouKLoS8OdEWeHraxwvmprQm
iav/viJFy8CbyxLugRcN94tETvX7Zbk5wTRVsF3LhCIep8V7OtPBog4fRUHU8HcK
n9ztOHRZstx6NkTcWqRgt5epk7oemZaPTn5UCV3KXysqn1KsmEupgikG7dtOpcRC
l9K0Ea9PsZVSoFAqRNPjEDYxyxfcKSLlUPV5pBVXmLd5v3i5Q1fX484RCx45NGKi
TO9/N5t7CXZ3hMILSiaK9JdszPgX1w33pLWP8kGUCAumZNVOEjL6Zj7WcS5m1e1v
G7OKnNiCWBGJYCABq3kDZmX2X53C5dmGLCFHBzjDe+ERAOWhghBw9fmUhRH93+qS
Ro1igsEbWD9FVvqgB5ojeibEQQKcsJlZI7wJexsMDkRCmsRVYrQ7VNN+PTk5TrB7
EOKs8TLdXtefGqaz8kUTExSlZUft0AfsgLy4OtLxCtuBXG2UF8s=
=Pime
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1015-1] libgcrypt11 security update
Next by Date: [SECURITY] [DLA 1017-1] mpg123 security update
Previous by thread: [SECURITY] [DLA 1015-1] libgcrypt11 security update
Next by thread: [SECURITY] [DLA 1017-1] mpg123 security update
Index(es):
- Date
- Thread