[SECURITY] [DLA 901-1] radare2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 901-1] radare2 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 17 Apr 2017 22:43:11 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1704172240150.20408@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : radare2
Version        : 0.9-3+deb7u2
CVE ID         : CVE-2017-6448

CVE-2017-6448
     The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in
     radare2 1.2.1 allows remote attackers to cause a denial of
     service (stack-based buffer overflow and application crash) or
     possibly have unspecified other impact via a crafted DEX file.


For Debian 7 "Wheezy", these problems have been fixed in version
0.9-3+deb7u2.

We recommend that you upgrade your radare2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJY9SjfXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHGgoP/30W6rh/hL4IfZIxIr3F3Xz0
m7elQXaamF+4i2ByTfODrpMbO1mxra7utVvq/A1F24ZzzXxKZp6U4tljCgjoiNsW
7bYK3V5v7ytOI7WLaKW7DeqfdRJhvQi/lP0luPVdMv944EvRN5uwunRI8xzSfaZv
yfMnnZ1sA4ZfCgjWXZ39EjPscTKmQV3mM7omjjK8vpoImxyFmzGSZXT9JiLlF1S1
euA1+eJlFdt2mfi+IRZNXlSuHyqqihU5NIOgnkD3FAJPYPgTTdt4VHNt79v2r0lr
Sw603xQ0gOYF6mgudrhbBB0PrB5FYxisPOSpTPA/43qF6JSv60eNvmX28z+mlKhB
1TfD/ajC0ge2X30VGoRK07SK32NvEUn8brM0bB7rBeqQAFJL8slSJa05KkJS6XC2
3ykWlFbRGY/du4moSv6oviJ+igeuI+w94eZtm1+kl3L9rTZ/PUYN2eysJMLMNXx/
Ons44UPAH339xdUaJAcmuCH8LHG+kJI8mIQ3CyJOwOF37G70P3buKhTdm0nh2FBB
Y9CDlq6BzTCkOAQBSwkdpydrnG8nblOpChSi4k8K47ukHi/l7+uW9r3kFz2H16C5
VhqHVEz6lxF9Epy6dF1CiAEI5up04SIy5n0bJzEWIuyMbW7K70uSnOsrQfw4cY1j
IdlHXuWp7sORF4l981Fs
=fNs8
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 900-1] freetype security update
Next by Date: [SECURITY] [DLA 902-1] imagemagick security update
Previous by thread: [SECURITY] [DLA 900-1] freetype security update
Next by thread: [SECURITY] [DLA 902-1] imagemagick security update
Index(es):
- Date
- Thread