openSUSE has issued an advisory on December 12:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VM7ZHZ5AWQKW4RJJZ5LN6TSZLENLQ2GZ/

Fix:
https://github.com/radareorg/radare2/commit/72bf3a486fa851797aa21887a40ba0e3d3a6d620
Status comment: (none) => Patch available from upstream
Source RPM: (none) => radare2-5.8.8-1.3.mga9.src.rpm
CVE: (none) => CVE-2024-29645
Note M9 only. Thanks for the patch ref. Assigning directly to you, David, as you seem to update this routinely.
Assignee: bugsquad => geiger.david68210
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. (CVE-2024-29645)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VM7ZHZ5AWQKW4RJJZ5LN6TSZLENLQ2GZ/
========================

Updated packages in core/updates_testing:
========================
lib(64)radare2_5.8.8-5.8.8-1.4.mga9
lib(64)radare2-devel-5.8.8-1.4.mga9
radare2-5.8.8-1.4.mga9

from SRPM:
radare2-5.8.8-1.4.mga9.src.rpm
Status: NEW => ASSIGNED
Assignee: geiger.david68210 => qa-bugs
Status comment: Patch available from upstream => (none)
Installed and tested without issues.

Tested using the Cutter GUI. Tested on multiple binaries. All looks OK.

System: Mageia 9, x86_64, Plasma DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.

$ uname -a
Linux jupiter 6.6.65-desktop-2.mga9 #1 SMP PREEMPT_DYNAMIC Thu Dec 12 12:42:26 UTC 2024 x86_64 GNU/Linux

$ rpm -qa | grep radare2 | sort
lib64radare2_5.8.8-5.8.8-1.4.mga9
radare2-5.8.8-1.4.mga9
radare2-cutter-2.2.1-2.mga9
CC: (none) => mageia
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref. bug 32521 for testing

$ rabin2 -I firefox.exe
arch x86
baddr 0x400000
binsz 517072
bintype pe
bits 32
canary true
retguard false
class PE32
cmp.csum 0x0008c46c
compiled Thu Jun 21 15:53:30 2018
crypto false
dbg_file c:\builds\moz2_slave\m-esr52-w32-000000000000000000\build\src\obj-firefox\browser\app\firefox.pdb
endian little
havecode true
hdr.csum 0x0008c46c
guid CA62060F00F14226994F5C4935BE72192
laddr 0x0
lang msvc
linenum false
lsyms false
machine i386
nx true
os windows
overlay true
cc cdecl
pic true
relocs false
signed true
sanitize false
static false
stripped false
subsys Windows GUI
va true

and

$ rax2 0011000011111111d
12543
$ rasm2 ret
c3
$ radare2 firefox.exe
[0x00405eed]> aa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze all functions arguments/locals (afva@@@F)
[0x00405eed]> s/ fire
Searching 4 bytes in [0x480e00-0x481000]
hits: 0
Searching 4 bytes in [0x47f000-0x480e00]
hits: 0
Searching 4 bytes in [0x47ea00-0x47f000]
hits: 0
Searching 4 bytes in [0x43d000-0x47ea00]
hits: 0
Searching 4 bytes in [0x43c200-0x43d000]
hits: 0
Searching 4 bytes in [0x43c000-0x43c200]
hits: 0
Searching 4 bytes in [0x43a200-0x43c000]
hits: 0
Searching 4 bytes in [0x43a000-0x43a200]
hits: 0
Searching 4 bytes in [0x439c00-0x43a000]
hits: 0
Searching 4 bytes in [0x422000-0x439c00]
[# ]0x00423028 hit0_0 .MozillaFirefoxfirefox52.9.02018.

Looks OK.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2025-0006.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED